CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-39354

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide if stateful operations should be done. Prior to version 0.36.0, the passed `is_static` parameter was incorrect -- it was only set to `true` if the call came from a direct `STATICCALL` opcode. However, once a static call context is entered, it should stay static. The issue only impacts custom precompiles that actually uses `is_static`. For those affected, the issue can lead to possible incorrect state transitions. Version 0.36.0 contains a patch. There are no known workarounds.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.4%

CVSS Severity

CVSS v3 Score 5.9

References

Products affected by CVE-2022-39354

Evm Project » Evm » Version: N/A

cpe:2.3:a:evm_project:evm:-
Evm Project » Evm » Version: 0.11.0

cpe:2.3:a:evm_project:evm:0.11.0
Evm Project » Evm » Version: 0.11.1

cpe:2.3:a:evm_project:evm:0.11.1
Evm Project » Evm » Version: 0.13.0

cpe:2.3:a:evm_project:evm:0.13.0
Evm Project » Evm » Version: 0.13.1

cpe:2.3:a:evm_project:evm:0.13.1
Evm Project » Evm » Version: 0.14.0

cpe:2.3:a:evm_project:evm:0.14.0
Evm Project » Evm » Version: 0.14.1

cpe:2.3:a:evm_project:evm:0.14.1
Evm Project » Evm » Version: 0.14.2

cpe:2.3:a:evm_project:evm:0.14.2
Evm Project » Evm » Version: 0.15.0

cpe:2.3:a:evm_project:evm:0.15.0
Evm Project » Evm » Version: 0.16.0

cpe:2.3:a:evm_project:evm:0.16.0
Evm Project » Evm » Version: 0.16.1

cpe:2.3:a:evm_project:evm:0.16.1
Evm Project » Evm » Version: 0.17.0

cpe:2.3:a:evm_project:evm:0.17.0
Evm Project » Evm » Version: 0.17.1

cpe:2.3:a:evm_project:evm:0.17.1
Evm Project » Evm » Version: 0.17.2

cpe:2.3:a:evm_project:evm:0.17.2
Evm Project » Evm » Version: 0.17.3

cpe:2.3:a:evm_project:evm:0.17.3
Evm Project » Evm » Version: 0.18.0

cpe:2.3:a:evm_project:evm:0.18.0
Evm Project » Evm » Version: 0.18.3

cpe:2.3:a:evm_project:evm:0.18.3
Evm Project » Evm » Version: 0.18.4

cpe:2.3:a:evm_project:evm:0.18.4
Evm Project » Evm » Version: 0.18.5

cpe:2.3:a:evm_project:evm:0.18.5
Evm Project » Evm » Version: 0.19.0

cpe:2.3:a:evm_project:evm:0.19.0
Evm Project » Evm » Version: 0.20.0

cpe:2.3:a:evm_project:evm:0.20.0
Evm Project » Evm » Version: 0.21.0

cpe:2.3:a:evm_project:evm:0.21.0
Evm Project » Evm » Version: 0.22.0

cpe:2.3:a:evm_project:evm:0.22.0
Evm Project » Evm » Version: 0.22.1

cpe:2.3:a:evm_project:evm:0.22.1
Evm Project » Evm » Version: 0.23.0

cpe:2.3:a:evm_project:evm:0.23.0
Evm Project » Evm » Version: 0.24.0

cpe:2.3:a:evm_project:evm:0.24.0
Evm Project » Evm » Version: 0.25.0

cpe:2.3:a:evm_project:evm:0.25.0
Evm Project » Evm » Version: 0.26.0

cpe:2.3:a:evm_project:evm:0.26.0
Evm Project » Evm » Version: 0.27.0

cpe:2.3:a:evm_project:evm:0.27.0
Evm Project » Evm » Version: 0.28.0

cpe:2.3:a:evm_project:evm:0.28.0
Evm Project » Evm » Version: 0.29.0

cpe:2.3:a:evm_project:evm:0.29.0
Evm Project » Evm » Version: 0.30.0

cpe:2.3:a:evm_project:evm:0.30.0
Evm Project » Evm » Version: 0.30.1

cpe:2.3:a:evm_project:evm:0.30.1
Evm Project » Evm » Version: 0.31.0

cpe:2.3:a:evm_project:evm:0.31.0
Evm Project » Evm » Version: 0.31.1

cpe:2.3:a:evm_project:evm:0.31.1
Evm Project » Evm » Version: 0.34.0

cpe:2.3:a:evm_project:evm:0.34.0
Evm Project » Evm » Version: 0.35.0

cpe:2.3:a:evm_project:evm:0.35.0
Evm Project » Evm » Version: 0.6.2

cpe:2.3:a:evm_project:evm:0.6.2
Evm Project » Evm » Version: 0.7.0

cpe:2.3:a:evm_project:evm:0.7.0
Evm Project » Evm » Version: 0.7.1

cpe:2.3:a:evm_project:evm:0.7.1
Evm Project » Evm » Version: 0.9.2

cpe:2.3:a:evm_project:evm:0.9.2
Evm Project » Evm » Version: 0.9.3

cpe:2.3:a:evm_project:evm:0.9.3
Evm Project » Evm » Version: 0.9.4

cpe:2.3:a:evm_project:evm:0.9.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-39354

Products

Pricing

Contact Us