Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05cW1tLTRtZnItcjN3as3kSA
Incorrect Calculation in solana_rbpf
Solana rBPF versions 0.2.26 and 0.2.27 are affected by an Incorrect Calculation vulnerability caused by an improper implementation of the sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of an sdiv instruction may decide whether to transfer tokens or not. The vulnerability affects integrity and may cause serious availability problems.
Permalink: https://github.com/advisories/GHSA-9qmm-4mfr-r3wj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05cW1tLTRtZnItcjN3as3kSA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
CVSS Score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Identifiers: GHSA-9qmm-4mfr-r3wj, CVE-2022-23066
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-23066
- https://github.com/solana-labs/rbpf/commit/e61e045f8c244de978401d186dcfd50838817297
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23066
- https://blocksecteam.medium.com/how-a-critical-bug-in-solana-network-was-detected-and-timely-patched-a701870e1324
- https://github.com/advisories/GHSA-9qmm-4mfr-r3wj
Blast Radius: 25.7
Affected Packages
cargo:solana_rbpf
Dependent packages: 16
Dependent repositories: 668
Downloads: 1,586,086 total
Affected Version Ranges: >= 0.2.26, < 0.2.28
Fixed in: 0.2.28
All affected versions: 0.2.26, 0.2.27
All unaffected versions: 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.1.10, 0.1.11, 0.1.12, 0.1.13, 0.1.14, 0.1.15, 0.1.16, 0.1.17, 0.1.18, 0.1.19, 0.1.20, 0.1.21, 0.1.22, 0.1.23, 0.1.24, 0.1.25, 0.1.26, 0.1.27, 0.1.28, 0.1.29, 0.1.30, 0.1.31, 0.1.32, 0.1.33, 0.1.34, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.2.10, 0.2.11, 0.2.12, 0.2.13, 0.2.14, 0.2.15, 0.2.16, 0.2.17, 0.2.18, 0.2.19, 0.2.20, 0.2.21, 0.2.22, 0.2.23, 0.2.24, 0.2.25, 0.2.28, 0.2.29, 0.2.30, 0.2.31, 0.2.32, 0.2.33, 0.2.34, 0.2.35, 0.2.36, 0.2.37, 0.2.38, 0.2.39, 0.2.40, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.7.2, 0.8.0