CVE-2021-25837 — HIGH (7.5)

Q: How severe is CVE-2021-25837?

CVE-2021-25837 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-25837?

Check the references section above for vendor advisories and patch information. Affected products include: Chainsafe Ethermint.

Vulnerability Description

Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cache data will be discarded at EndBlock, it is still valid in the current block, which enables many possible attacks such as an "arbitrary mint token".

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Chainsafe	Ethermint	<= 0.4.0

References

https://github.com/cosmos/ethermint/issues/667#issuecomment-759284107ExploitThird Party Advisory
https://github.com/cosmos/ethermint/issues/667#issuecomment-759284107ExploitThird Party Advisory

FAQ

What is CVE-2021-25837?

CVE-2021-25837 is a vulnerability with a CVSS score of 7.5 (HIGH). Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage chang...

How severe is CVE-2021-25837?

CVE-2021-25837 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-25837?

Check the references section above for vendor advisories and patch information. Affected products include: Chainsafe Ethermint.