CVE-2022-36447 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-36447

CVE-2022-36447

July 29, 2022

An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious.

Related Resources (5)

https://github.com/pypa/advisory-database/tree/main/vulns/chia-blockchain/PYSEC-2022-43072.yaml

https://nvd.nist.gov/vuln/detail/CVE-2022-36447

https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html

https://chia.net

https://github.com/Chia-Network/chia-blockchain

Do you need more information?

CVSS v4

Base Score:

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

HIGH

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

EPSS

Base Score:

0.24

Products

Solutions

Resources

Company

Compare

Developer Tools