Home > Vulnerability Database > CVE-2022-37450

Mend.io Vulnerability Database

CVE-2022-37450

Date: August 5, 2022

Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022.

Language: Go

Severity Score

5.9

Related Resources (8)

Url: https://medium.com/%40aviv.yaish/uncle-maker-time-stamping-out-the-competition-in-ethereum-d27c1cb62fef

Url: https://medium.com/@aviv.yaish/uncle-maker-time-stamping-out-the-competition-in-ethereum-d27c1cb62fef

Url: http://dx.doi.org/10.13140/RG.2.2.27813.99043

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-37450

Url: https://news.ycombinator.com/item?id=32354896

Url: https://github.com/ethereum/go-ethereum/blob/671094279e8d27f4b4c3c94bf8b636c26b473976/core/forkchoice.go#L91-L94

Url: https://github.com/ethereum/go-ethereum

Url: https://www.mend.io/vulnerability-database/CVE-2022-37450

Severity Score

5.9

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-37450

Date: August 5, 2022

Language: Go

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?