VYPR

Besu

by Hyperledger

Source repositories

CVEs (5)

  • CVE-2025-30147HigMay 7, 2025
    risk 0.50cvss epss 0.00

    Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles…

  • CVE-2015-20112LowJun 29, 2025
    risk 0.15cvss 3.4epss 0.00

    RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network.

  • CVE-2022-36025Sep 24, 2022
    risk 0.00cvss epss 0.01

    Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including…

  • CVE-2021-41272Dec 13, 2021
    risk 0.00cvss epss 0.01

    Besu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32 bit signed integers. Smart…

  • CVE-2021-21369Mar 9, 2021
    risk 0.00cvss epss 0.01

    Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API…