CVE-2021-25837

HIGH

Cosmos Network Ethermint <= v0.4.0 - Memory Corruption

Title source: llm

Description

Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cache data will be discarded at EndBlock, it is still valid in the current block, which enables many possible attacks such as an "arbitrary mint token".

Exploits (1)

nomisec WORKING POC 3 stars

by iczc · poc

https://github.com/iczc/Ethermint-CVE-2021-25837

View Code ZIP pw:eip

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/cosmos/ethermint/issues/667#issuecomment-759284107

Scores

CVSS v3 7.5

EPSS 0.0039

EPSS Percentile 60.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Status published

Products (1)

chainsafe/ethermint < 0.4.0

Published Feb 08, 2021

Tracked Since Feb 18, 2026