GHSA-qf7j-25g9-r63f

Source
https://github.com/advisories/GHSA-qf7j-25g9-r63f
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-qf7j-25g9-r63f/GHSA-qf7j-25g9-r63f.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-qf7j-25g9-r63f
Published
2022-09-01T22:24:26Z
Modified
2024-08-21T16:29:19.405845Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
elrond-go MultiESDTNFTTransfer call on a SC address with missing function name
Details

Impact

Affects anyone who uses elrond-go to process blocks (historical or current) that contain a transaction like this: MultiESDTNFTTransfer@01@54444558544b4b5955532d323631626138@00@0793afc18c8da2ca@ (note the missing function name after the last @). Basic functionality such as p2p messaging, storage and API requests is unaffected.
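
An added example (not part of the advisory and not elrond-go code): a Go check that flags a transaction data field ending in an empty function-name segment, as in the sample above. The field layout is an assumption inferred from that sample, and Classify and the Verdict names are hypothetical.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Verdict classifies one transaction data field.
type Verdict int

const (
	NotMultiTransfer  Verdict = iota // some other call or plain data
	Malformed                        // does not fit the assumed layout
	NoCall                           // transfers only, no function segment
	EmptyFunctionName                // trailing "@" with nothing after it
	HasFunctionName                  // function segment present and non-empty
)

// Classify assumes the layout seen in the advisory's sample (an assumption,
// not taken from elrond-go source):
//
//	MultiESDTNFTTransfer@<count>@(<token>@<nonce>@<amount>)*count[@<function>...]
func Classify(data string) Verdict {
	parts := strings.Split(data, "@")
	if parts[0] != "MultiESDTNFTTransfer" {
		return NotMultiTransfer
	}
	if len(parts) < 2 {
		return Malformed
	}
	count, err := strconv.ParseUint(parts[1], 16, 16) // hex transfer count
	if err != nil || count == 0 {
		return Malformed
	}
	fnIdx := 2 + 3*int(count) // index where the function name would sit
	switch {
	case len(parts) < fnIdx:
		return Malformed
	case len(parts) == fnIdx:
		return NoCall
	case parts[fnIdx] == "":
		return EmptyFunctionName
	}
	return HasFunctionName
}

func main() {
	// Sample data field quoted in the advisory.
	sample := "MultiESDTNFTTransfer@01@54444558544b4b5955532d323631626138@00@0793afc18c8da2ca@"
	fmt.Println(Classify(sample) == EmptyFunctionName)
}
```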

Patches

Upgrade to v1.3.34 or higher.

Workarounds

No workarounds

References

For future reference, one can observe the following integration test: [provide the link to the integration test]

For more information

If you have any questions or comments about this advisory:
  • Open an issue in elrond-go (http://github.com/ElrondNetwork/elrond-go/issues)

Database specific
{
    "nvd_published_at": "2022-09-06T20:15:00Z",
    "github_reviewed_at": "2022-09-01T22:24:26Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-20"
    ]
}
Affected packages

Go / github.com/ElrondNetwork/elrond-go

Package

Name
github.com/ElrondNetwork/elrond-go
Purl
pkg:golang/github.com/ElrondNetwork/elrond-go

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.34

Database specific

{
    "last_known_affected_version_range": "<= 1.3.33"
}