Besu
by Hyperledger
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-30147 | | High | 0.50 | — | 0.00 | | May 7, 2025 | Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles… |
| CVE-2015-20112 | | Low | 0.15 | 3.4 | 0.00 | | Jun 29, 2025 | RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network. |
| CVE-2022-36025 | | | 0.00 | — | 0.01 | | Sep 24, 2022 | Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including… |
| CVE-2021-41272 | | | 0.00 | — | 0.01 | | Dec 13, 2021 | Besu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32 bit signed integers. Smart… |
| CVE-2021-21369 | | | 0.00 | — | 0.01 | | Mar 9, 2021 | Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API… |