Home > Vulnerability Database > CVE-2022-36061

Mend.io Vulnerability Database

CVE-2022-36061

Good to know:

Date: September 6, 2022

Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. This issue was patched in version 1.3.35. There are no known workarounds.

Language: Go

Severity Score

9.8

Related Resources (5)

Url: https://github.com/ElrondNetwork/elrond-go/releases/tag/v1.3.35

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-36061

Url: https://github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L452

Url: https://github.com/ElrondNetwork/elrond-go/security/advisories/GHSA-mv8x-668m-53fg

Url: https://www.mend.io/vulnerability-database/CVE-2022-36061

Severity Score

9.8

Weakness Type (CWE)

Improper Initialization

CWE-665

Top Fix

Upgrade Version

Upgrade to version elrond-go - v1.3.35

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-36061

Good to know:

Date: September 6, 2022

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?