How severe is CVE-2022-36061?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-36061?

This is classified as CWE-665, which is a common weakness in software security.

CVE-2022-36061

CRITICAL Year: 2022

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-665

View all →

Vulnerability Description

Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. This issue was patched in version 1.3.35. There are no known workarounds.

CVE-2008-0062

CRITICAL

CVSS:9.8(Critical)

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via c...

CWE-6652008

CVE-2015-8367

CRITICAL

CVSS:9.8(Critical)

The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.

CWE-6652015

CVE-2017-13715

CRITICAL

CVSS:9.8(Critical)

The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a ...

CWE-6652017

CVE-2018-11949

CRITICAL

CVSS:9.8(Critical)

Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobil...

CWE-6652018

CVE-2019-10196

CRITICAL

CVSS:9.8(Critical)

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Den...

CWE-6652019

CVE-2019-14271

CRITICAL

CVSS:9.8(Critical)

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the content...

CWE-6652019

CVE-2022-36061

Vulnerability Description

Related Vulnerabilities

CVE-2008-0062

CVE-2015-8367

CVE-2017-13715

CVE-2018-11949

CVE-2019-10196

CVE-2019-14271