CVE-2022-29077
CRITICALrippled < 1.8.5 - Remote Code Execution via Heap-Based Buffer Overflow
Title source: llmDescription
A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://ripple.com/
Patch, Third Party Advisory x_refsource_misc
https://github.com/ripple/rippled/compare/1.8.4...1.8.5
Release Notes, Third Party Advisory x_refsource_misc
https://xrpl.org/blog/2022/rippled-1.8.5.html
Scores
CVSS v3
9.8
EPSS
0.0210
EPSS Percentile
79.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
ripple/rippled
< 1.8.5
Published
Apr 25, 2022
Tracked Since
Feb 18, 2026