CVE-2022-29219 - OpenCVE

Vendors	Products
Chainsafe	Lodestar

Link	Providers
https://github.com/ChainSafe/lodestar/pull/3977
https://github.com/ChainSafe/lodestar/releases/tag/v0.36.0
https://github.com/ChainSafe/lodestar/security/advisories/GHSA-cvj7-5f3c-9vg9

{"containers": {"cna": {"affected": [{"product": "lodestar", "vendor": "ChainSafe", "versions": [{"status": "affected", "version": "< 0.36.0"}]}], "descriptions": [{"lang": "en", "value": "Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted `AttesterSlashing` or `ProposerSlashing` being included on-chain. Because the developers represent `uint64` values as native javascript `number`s, there is an issue when those variables with large (greater than 2^53) `uint64` values are included on chain. In those cases, Lodestar may view valid_`AttesterSlashing` or `ProposerSlashing` as invalid, due to rounding errors in large `number` values. This causes a consensus split, where Lodestar nodes are forked away from the main network. Similarly, Lodestar may consider invalid `ProposerSlashing` as valid, thus including in proposed blocks that will be considered invalid by the network. Version 0.36.0 contains a fix for this issue. As a workaround, use `BigInt` to represent `Slot` and `Epoch` values in `AttesterSlashing` and `ProposerSlashing` objects. `BigInt` is too slow to be used in all `Slot` and `Epoch` cases, so one may carefully use `BigInt` just where necessary for consensus."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-24T14:15:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ChainSafe/lodestar/security/advisories/GHSA-cvj7-5f3c-9vg9"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ChainSafe/lodestar/pull/3977"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ChainSafe/lodestar/releases/tag/v0.36.0"}], "source": {"advisory": "GHSA-cvj7-5f3c-9vg9", "discovery": "UNKNOWN"}, "title": "Integer Overflow in Lodestar", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29219", "STATE": "PUBLIC", "TITLE": "Integer Overflow in Lodestar"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "lodestar", "version": {"version_data": [{"version_value": "< 0.36.0"}]}}]}, "vendor_name": "ChainSafe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted `AttesterSlashing` or `ProposerSlashing` being included on-chain. Because the developers represent `uint64` values as native javascript `number`s, there is an issue when those variables with large (greater than 2^53) `uint64` values are included on chain. In those cases, Lodestar may view valid_`AttesterSlashing` or `ProposerSlashing` as invalid, due to rounding errors in large `number` values. This causes a consensus split, where Lodestar nodes are forked away from the main network. Similarly, Lodestar may consider invalid `ProposerSlashing` as valid, thus including in proposed blocks that will be considered invalid by the network. Version 0.36.0 contains a fix for this issue. As a workaround, use `BigInt` to represent `Slot` and `Epoch` values in `AttesterSlashing` and `ProposerSlashing` objects. `BigInt` is too slow to be used in all `Slot` and `Epoch` cases, so one may carefully use `BigInt` just where necessary for consensus."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-190: Integer Overflow or Wraparound"}]}]}, "references": {"reference_data": [{"name": "https://github.com/ChainSafe/lodestar/security/advisories/GHSA-cvj7-5f3c-9vg9", "refsource": "CONFIRM", "url": "https://github.com/ChainSafe/lodestar/security/advisories/GHSA-cvj7-5f3c-9vg9"}, {"name": "https://github.com/ChainSafe/lodestar/pull/3977", "refsource": "MISC", "url": "https://github.com/ChainSafe/lodestar/pull/3977"}, {"name": "https://github.com/ChainSafe/lodestar/releases/tag/v0.36.0", "refsource": "MISC", "url": "https://github.com/ChainSafe/lodestar/releases/tag/v0.36.0"}]}, "source": {"advisory": "GHSA-cvj7-5f3c-9vg9", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:17:54.286Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ChainSafe/lodestar/security/advisories/GHSA-cvj7-5f3c-9vg9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ChainSafe/lodestar/pull/3977"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ChainSafe/lodestar/releases/tag/v0.36.0"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29219", "datePublished": "2022-05-24T14:15:14", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2024-08-03T06:17:54.286Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chainsafe:lodestar:*:*:*:*:*:*:*:*", "matchCriteriaId": "E25C300E-0B9D-4E88-B46F-546B68E73041", "versionEndExcluding": "0.36.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted `AttesterSlashing` or `ProposerSlashing` being included on-chain. Because the developers represent `uint64` values as native javascript `number`s, there is an issue when those variables with large (greater than 2^53) `uint64` values are included on chain. In those cases, Lodestar may view valid_`AttesterSlashing` or `ProposerSlashing` as invalid, due to rounding errors in large `number` values. This causes a consensus split, where Lodestar nodes are forked away from the main network. Similarly, Lodestar may consider invalid `ProposerSlashing` as valid, thus including in proposed blocks that will be considered invalid by the network. Version 0.36.0 contains a fix for this issue. As a workaround, use `BigInt` to represent `Slot` and `Epoch` values in `AttesterSlashing` and `ProposerSlashing` objects. `BigInt` is too slow to be used in all `Slot` and `Epoch` cases, so one may carefully use `BigInt` just where necessary for consensus."}, {"lang": "es", "value": "Lodestar es una implementaci\u00f3n de TypeScript de la especificaci\u00f3n del Consenso de Ethereum. versiones anteriores a 0.36.0, se presenta una posible divisi\u00f3n del consenso debido a una inclusi\u00f3n en la cadena de \"AttesterSlashing\" o \"ProposerSlashing\" maliciosamente dise\u00f1ados. Debido a que los desarrolladores representan valores \"uint64\" como \"n\u00fameros\" nativos de javascript, se presenta un problema cuando esas variables con valores \"uint64\" grandes (mayores de 2^53) son incluidas en la cadena. En esos casos, Lodestar puede visualizar valid_\"AttesterSlashing\" o \"ProposerSlashing\" como inv\u00e1lidos, debido a errores de redondeo en valores \"num\u00e9ricos\" grandes. Esto causa una divisi\u00f3n del consenso, donde los nodos de Lodestar son bifurcados fuera de la red principal. Del mismo modo, Lodestar puede considerar inv\u00e1lidos los \"ProposerSlashing\" como v\u00e1lidos, incluyendo as\u00ed en bloques propuestos que ser\u00e1n considerados no v\u00e1lidos por la red. La versi\u00f3n 0.36.0 contiene una correcci\u00f3n para este problema. Como mitigaci\u00f3n, use \"BigInt\" para representar los valores \"Slot\" y \"Epoch\" en los objetos \"AttesterSlashing\" y \"ProposerSlashing\". \"BigInt\" es demasiado lento para ser usado en todos los casos de \"Slot\" y \"Epoch\", por lo que puede usarse cuidadosamente \"BigInt\" s\u00f3lo cuando sea necesario para el consenso"}], "id": "CVE-2022-29219", "lastModified": "2022-06-07T16:25:21.867", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-05-24T15:15:07.843", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ChainSafe/lodestar/pull/3977"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/ChainSafe/lodestar/releases/tag/v0.36.0"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ChainSafe/lodestar/security/advisories/GHSA-cvj7-5f3c-9vg9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object