CVE-2024-37158

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-691
View all →

Vulnerability Description

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks performed on the two implementation are different. The vulnerability discovered allowed a clawback account to bypass Cosmos ante handler checks by sending an Ethereum transaction targeting a precompile used to interact with a Cosmos SDK module. This vulnerability is fixed in 18.0.0.

Related Vulnerabilities

CVE-2021-4106

HIGH
CVSS:7.8(High)

A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0

CWE-6912021

CVE-2022-46828

HIGH
CVSS:7.8(High)

In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.

CWE-6912022

CVE-2022-48481

HIGH
CVSS:7.8(High)

In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible

CWE-6912022

CVE-2024-29079

MEDIUM
CVSS:7.8(High)

Insufficient control flow management in some Intel(R) VROC software before version 8.6.0.3001 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-6912024

CVE-2022-20697

HIGH
CVSS:8.6(High)

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerabi...

CWE-6912022

CVE-2023-20559

HIGH
CVSS:8.8(High)

Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.

CWE-6912023