Learn about CVE-2022-35936 affecting Ethermint versions before v0.17.2. Understand the impact, technical details, and mitigation steps to prevent Denial of Service (DoS) vulnerabilities.
A detailed overview of CVE-2022-35936 affecting Ethermint.
Understanding CVE-2022-35936
This section provides insights into the vulnerability discovered in Ethermint.
What is CVE-2022-35936?
CVE-2022-35936 relates to an issue in Ethermint versions before v0.17.2 that causes contracts to stop working if a specific bytecode is invoked, leading to Denial of Service (DoS) vulnerabilities.
The Impact of CVE-2022-35936
The vulnerability allows an attacker to disrupt applications on Ethermint, potentially leading to service interruptions.
Technical Details of CVE-2022-35936
Learn about the specific technical aspects of the CVE-2022-35936 vulnerability.
Vulnerability Description
The bug in the DeleteAccount function causes contracts sharing identical bytecode to malfunction when one contract invokes the selfdestruct opcode.
Affected Systems and Versions
Ethermint versions up to v0.17.2 are affected by this vulnerability.
Exploitation Mechanism
By invoking selfdestruct on a contract, the corresponding bytecode is removed from the code store; because bytecode is keyed by its CodeHash rather than by account, every other contract that shares the same CodeHash loses its code as well.
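The following Go program is an added model of the DeleteAccount flaw described above and in the Vulnerability Description; it is example code written for this page, not Ethermint's own implementation. It assumes a simplified state store (the StateDB, Account and CodeHash types and the Deploy, Code and DeleteAccount* functions are all hypothetical) in which accounts reference bytecode by content hash, as EVM-style chains do. It contrasts a delete that also drops the shared bytecode with one that removes only the account; the hardened variant is an illustrative fix, not necessarily the exact change shipped in Ethermint v0.18.0.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// CodeHash identifies bytecode by content, so two contracts deployed from
// identical bytecode share one entry in the code store (hypothetical model).
type CodeHash string

// Account is a minimal contract account: an address and a pointer to code.
type Account struct {
	Address  string
	CodeHash CodeHash
}

// StateDB is a toy state store: accounts keyed by address, code keyed by hash.
type StateDB struct {
	accounts map[string]*Account
	code     map[CodeHash][]byte
}

// NewStateDB returns an empty store.
func NewStateDB() *StateDB {
	return &StateDB{
		accounts: make(map[string]*Account),
		code:     make(map[CodeHash][]byte),
	}
}

// hashCode derives the content address of a bytecode blob.
func hashCode(code []byte) CodeHash {
	sum := sha256.Sum256(code)
	return CodeHash(hex.EncodeToString(sum[:]))
}

// Deploy stores the bytecode under its hash and points the account at it.
// A second deployment of the same bytecode reuses the existing entry.
func (s *StateDB) Deploy(addr string, code []byte) {
	h := hashCode(code)
	s.code[h] = code
	s.accounts[addr] = &Account{Address: addr, CodeHash: h}
}

// Code returns the bytecode an account currently resolves to, or nil.
func (s *StateDB) Code(addr string) []byte {
	acc, ok := s.accounts[addr]
	if !ok {
		return nil
	}
	return s.code[acc.CodeHash]
}

// DeleteAccountVulnerable models the flawed behaviour: selfdestruct removes
// the account and the bytecode it points at, even though that bytecode is
// content-addressed and may still be referenced by other accounts.
func (s *StateDB) DeleteAccountVulnerable(addr string) {
	acc, ok := s.accounts[addr]
	if !ok {
		return
	}
	delete(s.code, acc.CodeHash)
	delete(s.accounts, addr)
}

// DeleteAccountFixed removes only the account. The content-addressed bytecode
// is left in place because other accounts may share the same CodeHash.
// (Illustrative hardening for this example, not Ethermint's exact patch.)
func (s *StateDB) DeleteAccountFixed(addr string) {
	delete(s.accounts, addr)
}

// Demo deploys two contracts from identical (constructed) bytecode,
// self-destructs one, and returns the length of the sibling's remaining code:
// 0 means the sibling was broken by the deletion.
func Demo(fixed bool) int {
	s := NewStateDB()
	bytecode := []byte{0x60, 0x00, 0x60, 0x00, 0xfd} // constructed sample bytecode
	s.Deploy("0xaaaa", bytecode)
	s.Deploy("0xbbbb", bytecode)
	if fixed {
		s.DeleteAccountFixed("0xaaaa")
	} else {
		s.DeleteAccountVulnerable("0xaaaa")
	}
	return len(s.Code("0xbbbb"))
}

func main() {
	fmt.Printf("sibling code bytes after vulnerable delete: %d\n", Demo(false))
	fmt.Printf("sibling code bytes after fixed delete:      %d\n", Demo(true))
}
```

Running it shows the sibling contract left with zero bytes of code under the vulnerable delete and its full bytecode under the fixed one. The design point is that code storage keyed by hash is shared state, so an account-level operation such as selfdestruct must never delete it outright; if storage reclamation is wanted, it needs a reference count or a reachability sweep rather than an unconditional delete.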
Mitigation and Prevention
Discover the necessary steps to mitigate and prevent the CVE-2022-35936 vulnerability.
Immediate Steps to Take
Users should upgrade to Ethermint version v0.18.0 to address this vulnerability and follow a coordinated upgrade procedure due to significant changes.
Long-Term Security Practices
To enhance security, users should regularly update their systems and implement robust security measures.
Patching and Updates
Keep the Ethermint library updated with the latest patches and security enhancements to prevent exploitation of known vulnerabilities.