Vulnerability Description
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Profanity Project | Profanity | <= 1.60 |
Related Weaknesses (CWE)
References
- https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity- (Third Party Advisory)
- https://github.com/johguse/profanity (Third Party Advisory)
- https://github.com/johguse/profanity/issues/61 (Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2022-40769?
CVE-2022-40769 is a vulnerability with a CVSS score of 7.5 (HIGH). profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in...
How severe is CVE-2022-40769?
CVE-2022-40769 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-40769?
Check the references section above for vendor advisories and patch information. Affected products include: Profanity Project Profanity.