Published: 21/12/2021 Updated: 05/01/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Cronos is a commercial implementation of a blockchain. In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx. This problem has been patched in Cronos v0.6.5. There are no tested workarounds. All validator node operators are recommended to upgrade to Cronos v0.6.5 at their earliest possible convenience.

Vulnerable Product	Search on Vulmon	Subscribe to Product
crypto cronos
crypto ethermint
crypto evmos

Smart Contract Vulnerabilities (SCV) List

SCV-List This list highlights the accomplishments and disclosed vulnerabilities of the top white hat security experts in DeFi This list is part HackerOne leaderboard and part CVE database Contributions are welcome and it would be amazing if the crypto community could crowdsource a CVE-like database My arbitrary rules to include a vulnerability in this list (until I am convin

CWE-670 https://github.com/crypto-org-chain/cronos/pull/270 https://github.com/crypto-org-chain/cronos/security/advisories/GHSA-f854-hpxv-cw9r https://github.com/crypto-org-chain/cronos/commit/150ef237b37ac28c8136e1c0f494932860b9ebe8 https://nvd.nist.gov https://github.com/sirhashalot/SCV-List

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-43839

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect