Moderate severityNVD Advisory· Published Aug 5, 2022· Updated Aug 3, 2024
CVE-2022-37450
CVE-2022-37450
Description
Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/ethereum/go-ethereumGo | <= 1.10.21 | — |
Affected products
2- Go Ethereum/Go Ethereumdescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-rqmg-hrg4-fm69ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-37450ghsaADVISORY
- dx.doi.org/10.13140/RG.2.2.27813.99043ghsax_refsource_MISCWEB
- github.com/ethereum/go-ethereum/blob/671094279e8d27f4b4c3c94bf8b636c26b473976/core/forkchoice.goghsax_refsource_MISCWEB
- medium.com/%40aviv.yaish/uncle-maker-time-stamping-out-the-competition-in-ethereum-d27c1cb62fefmitrex_refsource_MISC
- medium.com/@aviv.yaish/uncle-maker-time-stamping-out-the-competition-in-ethereum-d27c1cb62fefghsaWEB
- news.ycombinator.com/itemghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.