CVE-2022-36058
- Source
- https://cve.org/CVERecord?id=CVE-2022-36058
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36058.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-36058
- Aliases
- Published
- 2022-09-06T20:10:09Z
- Modified
- 2026-06-18T03:56:29.495728595Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- elrond-go MultiESDTNFTTransfer call on a SC address with missing function name
- Details
-
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks (historical or actual) could encounter a
MultiESDTNFTTransfertransaction like this:MultiESDTNFTTransferwith a missing function name. Basic functionality like p2p messaging, storage, API requests and such are unaffected. Version 1.3.34 contains a fix for this issue. There are no known workarounds. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-20" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/36xxx/CVE-2022-36058.json" }- References
-
- https://github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L402
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/36xxx/CVE-2022-36058.json
- https://github.com/ElrondNetwork/elrond-go/security/advisories/GHSA-qf7j-25g9-r63f
- https://nvd.nist.gov/vuln/detail/CVE-2022-36058
- https://github.com/ElrondNetwork/elrond-go/commit/cb487fd7be2a2077638eb34ae771a73630c870c7
Affected packages
Git / github.com/multiversx/mx-chain-go
Affected ranges
- Type
- GIT
- Repo
- https://github.com/multiversx/mx-chain-go
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "cpe": "cpe:2.3:a:elrond:elrond_go:*:*:*:*:*:*:*:*", "source": [ "AFFECTED_FIELD", "CPE_RANGE", "REFERENCES" ], "extracted_events": [ { "introduced": "0" }, { "last_affected": "1.3.33" }, { "introduced": "0" }, { "fixed": "1.3.34" } ] }
Affected versions
V1.*
V1.0.6
V1.0.7
Other
test-01
v.*
v.0.5
v1.*
v1.0.1
v1.0.127
v1.0.128
v1.0.129
v1.0.13
v1.0.130
v1.0.131
v1.0.132
v1.0.133
v1.0.135
v1.0.136
v1.0.137
v1.0.138
v1.0.139
v1.0.14
v1.0.148
v1.0.150
v1.0.2
v1.0.25
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.1.0
v1.1.1
v1.1.10
v1.1.11
v1.1.12
v1.1.13
v1.1.14
v1.1.15
v1.1.16
v1.1.17
v1.1.18
v1.1.19
v1.1.2
v1.1.20
v1.1.21
v1.1.22
v1.1.23
v1.1.24
v1.1.25
v1.1.26
v1.1.27
v1.1.28
v1.1.29
v1.1.3
v1.1.30
v1.1.31
v1.1.32
v1.1.33
v1.1.34
v1.1.35
v1.1.36
v1.1.37
v1.1.38
v1.1.4
v1.1.40
v1.1.41
v1.1.43
v1.1.47
v1.1.48
v1.1.49
v1.1.50
v1.1.51
v1.1.52
v1.1.53
v1.1.54
v1.1.55
v1.1.56
v1.1.57
v1.1.58
v1.1.59
v1.1.6
v1.1.60
v1.1.61
v1.1.62
v1.1.63
v1.1.64
v1.1.7
v1.1.8
v1.1.9
v1.2.10
v1.2.11
v1.2.12
v1.2.13
v1.2.14
v1.2.16
v1.2.17
v1.2.18
v1.2.19
v1.2.20
v1.2.22
v1.2.24
v1.2.25
v1.2.26
v1.2.27
v1.2.28
v1.2.29
v1.2.30
v1.2.31
v1.2.33
v1.2.34
v1.2.5
v1.3.10
v1.3.11
v1.3.12
v1.3.13
v1.3.14
v1.3.15
v1.3.16
v1.3.17
v1.3.17-rc1
v1.3.19-rc1
v1.3.19-rc2
v1.3.23-rc1
v1.3.3
v1.3.32
v1.3.33
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9