Vulnerabilities > CVE-2022-36061 - Improper Initialization vulnerability in Elrond GO

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

elrond

CWE-665

critical

NVD

Published: 2022-09-06

Updated: 2022-09-09

Summary

Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. This issue was patched in version 1.3.35. There are no known workarounds.

Vulnerable Configurations

Part	Description	Count
Application	Elrond Elrond Elrond GO - Elrond Elrond GO 0.0.4 Elrond Elrond GO 0.0.5 Elrond Elrond GO 1.0.1 Elrond Elrond GO 1.0.2 Elrond Elrond GO 1.0.3 Elrond Elrond GO 1.0.4 Elrond Elrond GO 1.0.5 Elrond Elrond GO 1.0.6 Elrond Elrond GO 1.0.7 Elrond Elrond GO 1.0.8 Elrond Elrond GO 1.0.11 Elrond Elrond GO 1.0.12 Elrond Elrond GO 1.0.13 Elrond Elrond GO 1.0.14 Elrond Elrond GO 1.0.15 Elrond Elrond GO 1.0.16 Elrond Elrond GO 1.0.17 Elrond Elrond GO 1.0.19 Elrond Elrond GO 1.0.20 Elrond Elrond GO 1.0.23 Elrond Elrond GO 1.0.24 Elrond Elrond GO 1.0.25 Elrond Elrond GO 1.0.28 Elrond Elrond GO 1.0.29 Elrond Elrond GO 1.0.30 Elrond Elrond GO 1.0.31 Elrond Elrond GO 1.0.33 Elrond Elrond GO 1.0.34 Elrond Elrond GO 1.0.35 Elrond Elrond GO 1.0.36 Elrond Elrond GO 1.0.37 Elrond Elrond GO 1.0.38 Elrond Elrond GO 1.0.39 Elrond Elrond GO 1.0.40 Elrond Elrond GO 1.0.41 Elrond Elrond GO 1.0.42 Elrond Elrond GO 1.0.44 Elrond Elrond GO 1.0.45 Elrond Elrond GO 1.0.47 Elrond Elrond GO 1.0.48 Elrond Elrond GO 1.0.49 Elrond Elrond GO 1.0.50 Elrond Elrond GO 1.0.51 Elrond Elrond GO 1.0.52 Elrond Elrond GO 1.0.53 Elrond Elrond GO 1.0.54 Elrond Elrond GO 1.0.55 Elrond Elrond GO 1.0.56 Elrond Elrond GO 1.0.57 Elrond Elrond GO 1.0.58 Elrond Elrond GO 1.0.59 Elrond Elrond GO 1.0.60 Elrond Elrond GO 1.0.61 Elrond Elrond GO 1.0.62 Elrond Elrond GO 1.0.63 Elrond Elrond GO 1.0.64 Elrond Elrond GO 1.0.65 Elrond Elrond GO 1.0.66 Elrond Elrond GO 1.0.67 Elrond Elrond GO 1.0.68 Elrond Elrond GO 1.0.69 Elrond Elrond GO 1.0.70 Elrond Elrond GO 1.0.71 Elrond Elrond GO 1.0.72 Elrond Elrond GO 1.0.73 Elrond Elrond GO 1.0.74 Elrond Elrond GO 1.0.75 Elrond Elrond GO 1.0.76 Elrond Elrond GO 1.0.77 Elrond Elrond GO 1.0.78 Elrond Elrond GO 1.0.79 Elrond Elrond GO 1.0.80 Elrond Elrond GO 1.0.81 Elrond Elrond GO 1.0.82 Elrond Elrond GO 1.0.83 Elrond Elrond GO 1.0.84 Elrond Elrond GO 1.0.85 Elrond Elrond GO 1.0.86 Elrond Elrond GO 1.0.87 Elrond Elrond GO 1.0.88 Elrond Elrond GO 1.0.89 Elrond Elrond GO 1.0.91 Elrond Elrond GO 1.0.92 Elrond Elrond GO 1.0.93 Elrond Elrond GO 1.0.94 Elrond Elrond GO 1.0.95 Elrond Elrond GO 1.0.96 Elrond Elrond GO 1.0.97 Elrond Elrond GO 1.0.98 Elrond Elrond GO 1.0.99 Elrond Elrond GO 1.0.100 Elrond Elrond GO 1.0.101 Elrond Elrond GO 1.0.102 Elrond Elrond GO 1.0.103 Elrond Elrond GO 1.0.104 Elrond Elrond GO 1.0.105 Elrond Elrond GO 1.0.106 Elrond Elrond GO 1.0.107 Elrond Elrond GO 1.0.108 Elrond Elrond GO 1.0.109 Elrond Elrond GO 1.0.110 Elrond Elrond GO 1.0.111 Elrond Elrond GO 1.0.112 Elrond Elrond GO 1.0.113 Elrond Elrond GO 1.0.114 Elrond Elrond GO 1.0.115 Elrond Elrond GO 1.0.116 Elrond Elrond GO 1.0.117 Elrond Elrond GO 1.0.118 Elrond Elrond GO 1.0.120 Elrond Elrond GO 1.0.121 Elrond Elrond GO 1.0.122 Elrond Elrond GO 1.0.123 Elrond Elrond GO 1.0.124 Elrond Elrond GO 1.0.125 Elrond Elrond GO 1.0.126 Elrond Elrond GO 1.0.127 Elrond Elrond GO 1.0.128 Elrond Elrond GO 1.0.129 Elrond Elrond GO 1.0.130 Elrond Elrond GO 1.0.131 Elrond Elrond GO 1.0.132 Elrond Elrond GO 1.0.133 Elrond Elrond GO 1.0.134 Elrond Elrond GO 1.0.135 Elrond Elrond GO 1.0.136 Elrond Elrond GO 1.0.137 Elrond Elrond GO 1.0.138 Elrond Elrond GO 1.0.139 Elrond Elrond GO 1.0.140 Elrond Elrond GO 1.0.141 Elrond Elrond GO 1.0.142 Elrond Elrond GO 1.0.143 Elrond Elrond GO 1.0.144 Elrond Elrond GO 1.0.145 Elrond Elrond GO 1.0.146 Elrond Elrond GO 1.0.147 Elrond Elrond GO 1.0.148 Elrond Elrond GO 1.0.149 Elrond Elrond GO 1.0.150 Elrond Elrond GO 1.1.0 Elrond Elrond GO 1.1.1 Elrond Elrond GO 1.1.2 Elrond Elrond GO 1.1.3 Elrond Elrond GO 1.1.4 Elrond Elrond GO 1.1.5 Elrond Elrond GO 1.1.6 Elrond Elrond GO 1.1.7 Elrond Elrond GO 1.1.8 Elrond Elrond GO 1.1.9 Elrond Elrond GO 1.1.10 Elrond Elrond GO 1.1.11 Elrond Elrond GO 1.1.12 Elrond Elrond GO 1.1.13 Elrond Elrond GO 1.1.14 Elrond Elrond GO 1.1.15 Elrond Elrond GO 1.1.16 Elrond Elrond GO 1.1.17 Elrond Elrond GO 1.1.18 Elrond Elrond GO 1.1.19 Elrond Elrond GO 1.1.20 Elrond Elrond GO 1.1.21 Elrond Elrond GO 1.1.22 Elrond Elrond GO 1.1.23 Elrond Elrond GO 1.1.24 Elrond Elrond GO 1.1.25 Elrond Elrond GO 1.1.26 Elrond Elrond GO 1.1.27 Elrond Elrond GO 1.1.28 Elrond Elrond GO 1.1.29 Elrond Elrond GO 1.1.30 Elrond Elrond GO 1.1.31 Elrond Elrond GO 1.1.32 Elrond Elrond GO 1.1.33 Elrond Elrond GO 1.1.34 Elrond Elrond GO 1.1.35 Elrond Elrond GO 1.1.36 Elrond Elrond GO 1.1.37 Elrond Elrond GO 1.1.38 Elrond Elrond GO 1.1.39 Elrond Elrond GO 1.1.40 Elrond Elrond GO 1.1.41 Elrond Elrond GO 1.1.42 Elrond Elrond GO 1.1.43 Elrond Elrond GO 1.1.44 Elrond Elrond GO 1.1.45 Elrond Elrond GO 1.1.46 Elrond Elrond GO 1.1.47 Elrond Elrond GO 1.1.48 Elrond Elrond GO 1.1.49 Elrond Elrond GO 1.1.50 Elrond Elrond GO 1.1.51 Elrond Elrond GO 1.1.52 Elrond Elrond GO 1.1.53 Elrond Elrond GO 1.1.54 Elrond Elrond GO 1.1.55 Elrond Elrond GO 1.1.56 Elrond Elrond GO 1.1.57 Elrond Elrond GO 1.1.58 Elrond Elrond GO 1.1.59 Elrond Elrond GO 1.1.60 Elrond Elrond GO 1.1.61 Elrond Elrond GO 1.1.62 Elrond Elrond GO 1.1.63 Elrond Elrond GO 1.1.64 Elrond Elrond GO 1.1.65 Elrond Elrond GO 1.1.66 Elrond Elrond GO 1.1.67 Elrond Elrond GO 1.2.0 Elrond Elrond GO 1.2.1 Elrond Elrond GO 1.2.2 Elrond Elrond GO 1.2.3 Elrond Elrond GO 1.2.4 Elrond Elrond GO 1.2.5 Elrond Elrond GO 1.2.7 Elrond Elrond GO 1.2.9 Elrond Elrond GO 1.2.10 Elrond Elrond GO 1.2.11 Elrond Elrond GO 1.2.12 Elrond Elrond GO 1.2.13 Elrond Elrond GO 1.2.14 Elrond Elrond GO 1.2.15 Elrond Elrond GO 1.2.16 Elrond Elrond GO 1.2.17 Elrond Elrond GO 1.2.18 Elrond Elrond GO 1.2.19 Elrond Elrond GO 1.2.20 Elrond Elrond GO 1.2.21 Elrond Elrond GO 1.2.22 Elrond Elrond GO 1.2.23 Elrond Elrond GO 1.2.24 Elrond Elrond GO 1.2.25 Elrond Elrond GO 1.2.26 Elrond Elrond GO 1.2.27 Elrond Elrond GO 1.2.28 Elrond Elrond GO 1.2.29 Elrond Elrond GO 1.2.30 Elrond Elrond GO 1.2.31 Elrond Elrond GO 1.2.32 Elrond Elrond GO 1.2.33 Elrond Elrond GO 1.2.34 Elrond Elrond GO 1.2.35 Elrond Elrond GO 1.2.36 Elrond Elrond GO 1.2.37 Elrond Elrond GO 1.2.38 Elrond Elrond GO 1.2.40 Elrond Elrond GO 1.3.0 Elrond Elrond GO 1.3.1 Elrond Elrond GO 1.3.2 Elrond Elrond GO 1.3.3 Elrond Elrond GO 1.3.4 Elrond Elrond GO 1.3.5 Elrond Elrond GO 1.3.6 Elrond Elrond GO 1.3.7 Elrond Elrond GO 1.3.8 Elrond Elrond GO 1.3.9 Elrond Elrond GO 1.3.10 Elrond Elrond GO 1.3.11 Elrond Elrond GO 1.3.12 Elrond Elrond GO 1.3.13 Elrond Elrond GO 1.3.14 Elrond Elrond GO 1.3.15 Elrond Elrond GO 1.3.16 Elrond Elrond GO 1.3.17 Elrond Elrond GO 1.3.18 Elrond Elrond GO 1.3.19 Elrond Elrond GO 1.3.20 Elrond Elrond GO 1.3.21 Elrond Elrond GO 1.3.22 Elrond Elrond GO 1.3.23 Elrond Elrond GO 1.3.24 Elrond Elrond GO 1.3.25 Elrond Elrond GO 1.3.26 Elrond Elrond GO 1.3.27 Elrond Elrond GO 1.3.28 Elrond Elrond GO 1.3.29 Elrond Elrond GO 1.3.30 Elrond Elrond GO 1.3.31 Elrond Elrond GO 1.3.32 Elrond Elrond GO 1.3.33 Elrond Elrond GO 1.3.34	297

Common Weakness Enumeration (CWE)

CWE-665 - Improper Initialization

Common Attack Pattern Enumeration and Classification (CAPEC)

Leveraging Race Conditions
This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References