Common Weakness Enumeration

CWE-682

Discouraged

Incorrect Calculation

Abstraction: Pillar · Status: Draft

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

159 vulnerabilities reference this CWE, most recent first.

GHSA-MF74-QWPW-GJ2W

Vulnerability from github – Published: 2025-09-25 18:30 – Updated: 2025-09-29 18:33
VLAI
Details

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55552"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190",
      "CWE-682"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-25T16:15:34Z",
    "severity": "MODERATE"
  },
  "details": "pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.",
  "id": "GHSA-mf74-qwpw-gj2w",
  "modified": "2025-09-29T18:33:12Z",
  "published": "2025-09-25T18:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55552"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pytorch/pytorch/issues/147847"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P35R-5HV5-759H

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14
VLAI
Details

In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34573"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-682"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-16T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and \"no flow\" are not reconized or misinterpreted. This may lead to wrong values and missing events.",
  "id": "GHSA-p35r-5hv5-759h",
  "modified": "2022-05-24T19:14:51Z",
  "published": "2022-05-24T19:14:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34573"
    },
    {
      "type": "WEB",
      "url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34573.en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-P44M-V46W-3VP6

Vulnerability from github – Published: 2022-12-06 00:30 – Updated: 2022-12-09 03:30
VLAI
Details

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-35258"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-128",
      "CWE-682"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-05T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.",
  "id": "GHSA-p44m-v46w-3vp6",
  "modified": "2022-12-09T03:30:25Z",
  "published": "2022-12-06T00:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35258"
    },
    {
      "type": "WEB",
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P72V-37H5-753V

Vulnerability from github – Published: 2025-06-03 15:31 – Updated: 2025-06-03 21:30
VLAI
Details

When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4435"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-682"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-03T13:15:20Z",
    "severity": "HIGH"
  },
  "details": "When using a TarFile.errorlevel = 0\u00a0and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0\u00a0in affected versions is that the member would still be extracted and not skipped.",
  "id": "GHSA-p72v-37h5-753v",
  "modified": "2025-06-03T21:30:36Z",
  "published": "2025-06-03T15:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4435"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/issues/135034"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/pull/135037"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
    },
    {
      "type": "WEB",
      "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P9RF-64QJ-22RW

Vulnerability from github – Published: 2024-11-26 18:38 – Updated: 2025-07-23 21:36
VLAI
Details

There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11407"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-682"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-26T17:15:22Z",
    "severity": "MODERATE"
  },
  "details": "There exists a denial of service through Data corruption in gRPC-C++ -\u00a0gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit\u00a0e9046b2bbebc0cb7f5dc42008f807f6c7e98e791",
  "id": "GHSA-p9rf-64qj-22rw",
  "modified": "2025-07-23T21:36:43Z",
  "published": "2024-11-26T18:38:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11407"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:X/RE:L/U:Green",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-PFMV-2R4F-J9MJ

Vulnerability from github – Published: 2022-02-10 00:01 – Updated: 2025-05-05 18:30
VLAI
Details

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-45960"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-682"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-01T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).",
  "id": "GHSA-pfmv-2r4f-j9mj",
  "modified": "2025-05-05T18:30:48Z",
  "published": "2022-02-10T00:01:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libexpat/libexpat/issues/531"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libexpat/libexpat/pull/534"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1217609"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202209-24"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220121-0004"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5073"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2022-05"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGRC-MVJG-QFR7

Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2024-04-04 02:23
VLAI
Details

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-17514"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-682"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-12T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated \"finds all the pathnames matching a specified pattern according to the rules used by the Unix shell,\" one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.",
  "id": "GHSA-pgrc-mvjg-qfr7",
  "modified": "2024-04-04T02:23:36Z",
  "published": "2022-05-24T16:58:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17514"
    },
    {
      "type": "WEB",
      "url": "https://bugs.python.org/issue33275"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bminor/bash/blob/ac50fbac377e32b98d2de396f016ea81e8ee9961/pathexp.c#L380"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bminor/bash/blob/ac50fbac377e32b98d2de396f016ea81e8ee9961/pathexp.c#L405"
    },
    {
      "type": "WEB",
      "url": "https://pubs.acs.org/doi/full/10.1021/acs.orglett.9b03216"
    },
    {
      "type": "WEB",
      "url": "https://pubs.acs.org/doi/suppl/10.1021/acs.orglett.9b03216/suppl_file/ol9b03216_si_002.zip"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191107-0005"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/LucasCMoore/status/1181615421922824192"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/chris_bloke/status/1181997278136958976"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4428-1"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20150822013622/https://docs.python.org/3/library/glob.html"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20150906020027/https://docs.python.org/2.7/library/glob.html"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20160309211341/https://docs.python.org/3/library/glob.html"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20160526201356/https://docs.python.org/2.7/library/glob.html"
    },
    {
      "type": "WEB",
      "url": "https://www.vice.com/en_us/article/zmjwda/a-code-glitch-may-have-caused-errors-in-more-than-100-published-studies"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PXV8-QHRH-JC7V

Vulnerability from github – Published: 2024-06-06 18:21 – Updated: 2024-09-06 21:40
VLAI
Summary
evmos allows transferring unvested tokens after delegations
Details

Impact

This advisory has been created to address the following vulnerabilities found in the Evmos codebase and affecting vesting accounts.

Wrong spendable balance computation

The spendable balance is not updated properly when delegating vested tokens. The following example help in describing the issue: - Given a clawback vesting account with a starting 15M vesting schedule. The initial spendable balance is 0. - Time passes and 5M are vested. The spendable balance is now 5M. - The account delegate 5M. The spendable balance should be 0, but returns 5M - The account can send 5M to another account.

The issue allowed a clawback vesting account to anticipate the release of unvested tokens.

Missing precompile checks

Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks performed on the two implementation are different.

The vulnerability discovered allowed a clawback account to bypass Cosmos ante handler checks by sending an Ethereum transaction targeting a precompile used to interact with a Cosmos SDK module.

Missing create validator check

This vulnerability allowed a user to create a validator using vested tokens to deposit the self-bond.

Patches

  • The spendable balance function has been fixed correcting the TrackDelegation function.
  • The checks for the staking module, for the delegation and the create validator, has been moved into the MsgServer of a wrapper around the Cosmos SDK staking module.

The issues have been patched in versions >=V18.0.0.

References

  1. Evmos vesting module

For more information

If you have any questions or comments about this advisory:

Reach out to the Core Team in Discord Open a discussion in evmos/evmos Email us at security@evmos.org for security questions

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 17.0.1"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/evmos/evmos/v17"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "18.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 16.0.4"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/evmos/evmos/v16"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "18.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 15.0.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/evmos/evmos/v15"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "18.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 14.1.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/evmos/evmos/v14"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "18.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 13.0.2"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/evmos/evmos/v13"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "18.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 12.1.6"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/evmos/evmos/v12"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "18.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 11.0.2"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/evmos/evmos/v11"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "18.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 10.0.1"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/evmos/evmos/v10"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "18.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.1.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/evmos/evmos/v9"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "18.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 8.2.3"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/evmos/evmos/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "18.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 7.0.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/evmos/evmos/v7"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "18.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.0.4"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/evmos/evmos/v6"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "18.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-32873"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-682"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-06T18:21:05Z",
    "nvd_published_at": "2024-06-06T19:15:56Z",
    "severity": "LOW"
  },
  "details": "## Impact\n\nThis advisory has been created to address the following vulnerabilities found in the Evmos codebase and affecting vesting accounts.\n\n### Wrong spendable balance computation\n\nThe spendable balance is not updated properly when delegating vested tokens. The following example help in describing the issue:\n- Given a clawback vesting account with a starting `15M` vesting schedule. The initial spendable balance is `0`.\n- Time passes and `5M` are vested. The spendable balance is now `5M`.\n- The account delegate `5M`. The spendable balance should be `0`, but returns `5M`\n- The account can send `5M` to another account.\n\nThe issue allowed a clawback vesting account to anticipate the release of unvested tokens.\n\n### Missing precompile checks\n\nPreliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks performed on the two implementation are different.\n\nThe vulnerability discovered allowed a clawback account to bypass Cosmos ante handler checks by sending an Ethereum transaction targeting a precompile used to interact with a Cosmos SDK module.\n\n### Missing create validator check\n\nThis vulnerability allowed a user to create a validator using vested tokens to deposit the self-bond.\n\n## Patches\n\n- The spendable balance function has been fixed correcting the `TrackDelegation` function.\n- The checks for the staking module, for the delegation and the create validator, has been moved into the `MsgServer` of a wrapper around the Cosmos SDK staking module. \n\nThe issues have been patched in versions \u003e=V18.0.0.\n\n## References\n1. [Evmos vesting module](https://docs.evmos.org/protocol/modules/vesting)\n\n## For more information\nIf you have any questions or comments about this advisory:\n\nReach out to the Core Team in [Discord](https://discord.gg/evmos)\nOpen a discussion in [evmos/evmos](https://github.com/evmos/evmos/discussions)\nEmail us at [security@evmos.org](mailto:security@evmos.org) for security questions",
  "id": "GHSA-pxv8-qhrh-jc7v",
  "modified": "2024-09-06T21:40:06Z",
  "published": "2024-06-06T18:21:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/evmos/evmos/security/advisories/GHSA-pxv8-qhrh-jc7v"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32873"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37158"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37159"
    },
    {
      "type": "WEB",
      "url": "https://github.com/evmos/evmos/commit/b2a09ca66613d8b04decd3f2dcba8e1e77709dcb"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/evmos/evmos"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2024-2891"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "evmos allows transferring unvested tokens after delegations"
}

GHSA-Q29P-9PFR-J652

Vulnerability from github – Published: 2026-03-26 17:59 – Updated: 2026-03-26 17:59
VLAI
Summary
libcrux-sha3: Incorrect output from SHAKE squeeze functions
Details

The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE (168 for SHAKE128, 136 for SHAKE256) bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF output.

Impact

This bug impacts users that rely on this XOF API to squeeze more than RATE bytes. It does not impact the use of libcrux-sha3 in libcrux-ml-kem or libcrux-ml-dsa.

Mitigation

Starting from version 0.0.8 the squeeze functions correctly output all blocks including the first block.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "libcrux-sha3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-682"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-26T17:59:34Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than `RATE` (168 for SHAKE128, 136 for SHAKE256) bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of `RATE` bytes of valid XOF output.\n\n## Impact\nThis bug impacts users that rely on this XOF API to squeeze more than `RATE` bytes. It does not impact the use of libcrux-sha3 in libcrux-ml-kem or libcrux-ml-dsa.\n\n## Mitigation\nStarting from version `0.0.8` the squeeze functions correctly output all blocks including the first block.",
  "id": "GHSA-q29p-9pfr-j652",
  "modified": "2026-03-26T17:59:34Z",
  "published": "2026-03-26T17:59:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cryspen/libcrux/pull/1352"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cryspen/libcrux"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0074.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "libcrux-sha3: Incorrect output from SHAKE squeeze functions"
}

GHSA-Q5C9-W6W2-M4FW

Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02
VLAI
Details

A vulnerability has been identified in SCALANCE XM-400 Family (All versions < V6.4), SCALANCE XR-500 Family (All versions < V6.4). The OSPF protocol implementation in affected devices incorrectly handles the number of LSA fields in combination with other modified fields. An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-28393"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-682"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-12T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SCALANCE XM-400 Family (All versions \u003c V6.4), SCALANCE XR-500 Family (All versions \u003c V6.4). The OSPF protocol implementation in affected devices incorrectly handles the number of LSA fields in combination with other modified fields. An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.",
  "id": "GHSA-q5c9-w6w2-m4fw",
  "modified": "2022-05-24T19:02:15Z",
  "published": "2022-05-24T19:02:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28393"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-116379.pdf"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Implementation

Understand your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.

Mitigation MIT-8
Implementation

Strategy: Input Validation

Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.

Mitigation
Implementation

Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity.

Mitigation
Architecture and Design

Strategy: Language Selection

  • Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Mitigation
Architecture and Design

Strategy: Libraries or Frameworks

  • Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Mitigation MIT-26
Implementation

Strategy: Compilation or Build Hardening

Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.

CAPEC-128: Integer Attacks

An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number do to the structure of integer storage formats.

CAPEC-129: Pointer Manipulation

This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.