CWE-682
DiscouragedIncorrect Calculation
Abstraction: Pillar · Status: Draft
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
159 vulnerabilities reference this CWE, most recent first.
GHSA-C374-R9P6-QGGQ
Vulnerability from github – Published: 2025-02-07 03:32 – Updated: 2025-02-11 00:31The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors.
{
"affected": [],
"aliases": [
"CVE-2024-25883"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-06T22:15:37Z",
"severity": "MODERATE"
},
"details": "The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors.",
"id": "GHSA-c374-r9p6-qggq",
"modified": "2025-02-11T00:31:47Z",
"published": "2025-02-07T03:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25883"
},
{
"type": "WEB",
"url": "https://github.com/rsd-devel/rsd/issues/75"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C3C6-7G46-49XF
Vulnerability from github – Published: 2022-05-12 00:01 – Updated: 2022-05-20 00:00There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
{
"affected": [],
"aliases": [
"CVE-2022-29978"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-11T14:15:00Z",
"severity": "MODERATE"
},
"details": "There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.",
"id": "GHSA-c3c6-7g46-49xf",
"modified": "2022-05-20T00:00:52Z",
"published": "2022-05-12T00:01:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29978"
},
{
"type": "WEB",
"url": "https://github.com/saitoha/libsixel/issues/166"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C46P-G2H9-XCVX
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2025-04-20 03:43The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.
{
"affected": [],
"aliases": [
"CVE-2017-12134"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-24T14:29:00Z",
"severity": "HIGH"
},
"details": "The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.",
"id": "GHSA-c46p-g2h9-xcvx",
"modified": "2025-04-20T03:43:46Z",
"published": "2022-05-13T01:42:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12134"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477656"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201801-14"
},
{
"type": "WEB",
"url": "https://support.citrix.com/article/CTX225941"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3655-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3655-2"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3981"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/08/15/4"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100343"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039176"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-229.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C57J-PQ55-RH2X
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661.
{
"affected": [],
"aliases": [
"CVE-2021-31440"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-21T15:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661.",
"id": "GHSA-c57j-pq55-rh2x",
"modified": "2022-05-24T19:02:57Z",
"published": "2022-05-24T19:02:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31440"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=10bf4e83167cc68595b85fd73bb91e8f2c086e36"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210706-0003"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-503"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C7PR-343R-5C46
Vulnerability from github – Published: 2021-10-06 17:48 – Updated: 2024-11-18 22:44Impact
The following code does not properly validate that its input is in bounds.
@external
def foo(x: decimal) -> decimal:
return x
Patches
0.3.0 / #2447
Workarounds
Don't use decimal args
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "vyper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41122"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2021-10-06T13:26:05Z",
"nvd_published_at": "2021-10-05T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nThe following code does not properly validate that its input is in bounds.\n\n```python\n@external\ndef foo(x: decimal) -\u003e decimal:\n return x\n```\n\n### Patches\n0.3.0 / #2447\n\n### Workarounds\nDon\u0027t use decimal args\n\n",
"id": "GHSA-c7pr-343r-5c46",
"modified": "2024-11-18T22:44:51Z",
"published": "2021-10-06T17:48:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41122"
},
{
"type": "WEB",
"url": "https://github.com/vyperlang/vyper/pull/2447"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/vyper/PYSEC-2021-366.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/vyperlang/vyper"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "missing clamps for decimal args in external functions"
}
GHSA-CPF4-WX82-GXP6
Vulnerability from github – Published: 2021-11-10 18:48 – Updated: 2024-11-13 21:59Impact
The implementation of SplitV can trigger a segfault is an attacker supplies negative arguments:
import tensorflow as tf
tf.raw_ops.SplitV(
value=tf.constant([]),
size_splits=[-1, -2]
,axis=0,
num_split=2)
This occurs whenever size_splits contains more than one value and at least one value is negative.
Patches
We have patched the issue in GitHub commit 25d622ffc432acc736b14ca3904177579e733cc6.
The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41222"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-08T21:59:15Z",
"nvd_published_at": "2021-11-05T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe [implementation](https://github.com/tensorflow/tensorflow/blob/e71b86d47f8bc1816bf54d7bddc4170e47670b97/tensorflow/core/kernels/split_v_op.cc#L49-L205) of `SplitV` can trigger a segfault is an attacker supplies negative arguments:\n\n```python\nimport tensorflow as tf\n\ntf.raw_ops.SplitV(\n value=tf.constant([]),\n size_splits=[-1, -2]\n ,axis=0,\n num_split=2)\n``` \n \nThis occurs whenever `size_splits` contains more than one value and at least one value is negative.\n \n### Patches \nWe have patched the issue in GitHub commit [25d622ffc432acc736b14ca3904177579e733cc6](https://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6).\n\nThe fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-cpf4-wx82-gxp6",
"modified": "2024-11-13T21:59:49Z",
"published": "2021-11-10T18:48:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cpf4-wx82-gxp6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41222"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-631.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-829.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-414.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Segfault due to negative splits in `SplitV`"
}
GHSA-CV99-MQP9-MR8M
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2024-10-21 15:32A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
{
"affected": [],
"aliases": [
"CVE-2017-5462"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-11T21:29:00Z",
"severity": "MODERATE"
},
"details": "A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"id": "GHSA-cv99-mqp9-mr8m",
"modified": "2024-10-21T15:32:20Z",
"published": "2022-05-13T01:46:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5462"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1345089"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201705-04"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3831"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3872"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-10"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-11"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-12"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-13"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97940"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038320"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CX2Q-HFXR-RJ97
Vulnerability from github – Published: 2023-09-26 19:34 – Updated: 2024-11-19 17:23Impact
_abi_decode() does not validate input when it is nested in an expression. the following example gets correctly validated (bounds checked):
x: int128 = _abi_decode(slice(msg.data, 4, 32), int128)
however, the following example is not bounds checked
@external
def abi_decode(x: uint256) -> uint256:
a: uint256 = convert(_abi_decode(slice(msg.data, 4, 32), (uint8)), uint256) + 1
return a # abi_decode(256) returns: 257
the issue can be triggered by constructing an example where the output of _abi_decode is not internally passed to make_setter (an internal codegen routine) or other input validating routine.
Patches
https://github.com/vyperlang/vyper/pull/3626
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
References
Are there any links users can visit to find out more?
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "vyper"
},
"ranges": [
{
"events": [
{
"introduced": "0.3.4"
},
{
"fixed": "0.3.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-42460"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2023-09-26T19:34:53Z",
"nvd_published_at": "2023-09-27T15:19:32Z",
"severity": "MODERATE"
},
"details": "### Impact\n`_abi_decode()` does not validate input when it is nested in an expression. the following example gets correctly validated (bounds checked):\n```vyper\nx: int128 = _abi_decode(slice(msg.data, 4, 32), int128)\n```\n\nhowever, the following example is not bounds checked\n```vyper\n@external\ndef abi_decode(x: uint256) -\u003e uint256:\n a: uint256 = convert(_abi_decode(slice(msg.data, 4, 32), (uint8)), uint256) + 1\n return a # abi_decode(256) returns: 257\n```\n\nthe issue can be triggered by constructing an example where the output of `_abi_decode` is not internally passed to `make_setter` (an internal codegen routine) or other input validating routine.\n\n### Patches\nhttps://github.com/vyperlang/vyper/pull/3626\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\n### References\n_Are there any links users can visit to find out more?_\n",
"id": "GHSA-cx2q-hfxr-rj97",
"modified": "2024-11-19T17:23:02Z",
"published": "2023-09-26T19:34:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-cx2q-hfxr-rj97"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42460"
},
{
"type": "WEB",
"url": "https://github.com/vyperlang/vyper/pull/3626"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/vyper/PYSEC-2023-191.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/vyperlang/vyper"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Vyper\u0027s `_abi_decode` input not validated in complex expressions"
}
GHSA-F6HC-9G49-XMX7
Vulnerability from github – Published: 2023-03-01 22:36 – Updated: 2024-05-20 21:48Multiplication of certain unreduced P-256 scalars produce incorrect results. There are no protocols known at this time that can be attacked due to this.
From the fix commit notes:
Unlike the rest of nistec, the P-256 assembly doesn't use complete addition formulas, meaning that p256PointAdd[Affine]Asm won't return the correct value if the two inputs are equal.
This was (undocumentedly) ignored in the scalar multiplication loops because as long as the input point is not the identity and the scalar is lower than the order of the group, the addition inputs can't be the same.
As part of the math/big rewrite, we went however from always reducing the scalar to only checking its length, under the incorrect assumption that the scalar multiplication loop didn't require reduction.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "filippo.io/nistec"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-24533"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-01T22:36:36Z",
"nvd_published_at": "2023-03-08T20:15:00Z",
"severity": "HIGH"
},
"details": "Multiplication of certain unreduced P-256 scalars produce incorrect results. There are no protocols known at this time that can be attacked due to this.\n\nFrom the fix commit notes:\n\n\u003e Unlike the rest of nistec, the P-256 assembly doesn\u0027t use complete addition formulas, meaning that p256PointAdd[Affine]Asm won\u0027t return the correct value if the two inputs are equal.\n\u003e \n\u003e This was (undocumentedly) ignored in the scalar multiplication loops because as long as the input point is not the identity and the scalar is lower than the order of the group, the addition inputs can\u0027t be the same.\n\u003e \n\u003e As part of the math/big rewrite, we went however from always reducing the scalar to only checking its length, under the incorrect assumption that the scalar multiplication loop didn\u0027t require reduction.",
"id": "GHSA-f6hc-9g49-xmx7",
"modified": "2024-05-20T21:48:49Z",
"published": "2023-03-01T22:36:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24533"
},
{
"type": "WEB",
"url": "https://github.com/FiloSottile/nistec/commit/c58aa1223ccf3943513e1e661cebce95af137244"
},
{
"type": "PACKAGE",
"url": "https://github.com/FiloSottile/nistec"
},
{
"type": "WEB",
"url": "https://go.dev/issue/58647"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2023-1595"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "nistec has Incorrect Calculation in Multiplication of unreduced P-256 scalars"
}
GHSA-FCMM-54JP-7VF6
Vulnerability from github – Published: 2023-03-21 22:31 – Updated: 2024-10-24 21:21Impact
Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost discrepancy was not accounted for in the modexp precompile, leading to possible denial of service attacks.
Patches
No fixes for num-bigint is currently available, and thus this advisory will be first fixed in the short term by raising the gas costs for even modulus, and in the long term fixing it in num-bigint or switching to another modexp implementation.
The short-term fix for Frontier is deployed at PR 1017.
The recommendations are as follows:
- If you anticipate malicious validators, it's recommended to issue an emergency runtime upgrade as soon as possible.
- If you do not anticipate malicious validators, it's recommended to issue a normal runtime upgrade, as Substrate has builtin timeout protection when validators are building blocks.
Workarounds
None.
References
A similar issue was presented in Geth's implementation and the fix can be found here.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "pallet-evm-precompile-modexp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-28431"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-21T22:31:30Z",
"nvd_published_at": "2023-03-22T21:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nFrontier\u0027s `modexp` precompile uses `num-bigint` crate under the hood. [In the implementation](https://github.com/rust-num/num-bigint/blob/6f2b8e0fc218dbd0f49bebb8db2d1a771fe6bafa/src/biguint/power.rs#L134), the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost discrepancy was not accounted for in the `modexp` precompile, leading to possible denial of service attacks.\n\n### Patches\n\nNo fixes for `num-bigint` is currently available, and thus this advisory will be first fixed in the short term by raising the gas costs for even modulus, and in the long term fixing it in `num-bigint` or switching to another modexp implementation.\n\nThe short-term fix for Frontier is deployed at [PR 1017](https://github.com/paritytech/frontier/pull/1017).\n\nThe recommendations are as follows:\n\n- If you anticipate malicious validators, it\u0027s recommended to issue an emergency runtime upgrade as soon as possible.\n- If you do not anticipate malicious validators, it\u0027s recommended to issue a normal runtime upgrade, as Substrate has builtin timeout protection when validators are building blocks.\n\n### Workarounds\n\nNone.\n\n### References\n\nA similar issue was presented in Geth\u0027s implementation and the fix can be found [here](https://go-review.googlesource.com/c/go/+/420897).\n",
"id": "GHSA-fcmm-54jp-7vf6",
"modified": "2024-10-24T21:21:00Z",
"published": "2023-03-21T22:31:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/paritytech/frontier/security/advisories/GHSA-fcmm-54jp-7vf6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28431"
},
{
"type": "WEB",
"url": "https://github.com/paritytech/frontier/pull/1017"
},
{
"type": "WEB",
"url": "https://github.com/paritytech/frontier/commit/5af12e94d7dfc8a0208a290643a800f55de7b219"
},
{
"type": "PACKAGE",
"url": "https://github.com/polkadot-evm/frontier"
},
{
"type": "WEB",
"url": "https://github.com/rust-num/num-bigint/blob/6f2b8e0fc218dbd0f49bebb8db2d1a771fe6bafa/src/biguint/power.rs#L134"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Frontier\u0027s modexp precompile is slow for even modulus"
}
Mitigation
Understand your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.
Mitigation MIT-8
Strategy: Input Validation
Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
Mitigation
Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity.
Mitigation
Strategy: Language Selection
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Mitigation
Strategy: Libraries or Frameworks
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Mitigation MIT-26
Strategy: Compilation or Build Hardening
Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
CAPEC-128: Integer Attacks
An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number do to the structure of integer storage formats.
CAPEC-129: Pointer Manipulation
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.