CVE-2022-37450

MEDIUM EXPLOITED IN THE WILD

Go Ethereum <1.10.21 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-37450 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).

Description

Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022.

Scores

CVSS v3 5.9
EPSS 0.0100
EPSS Percentile 58.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

VulnCheck KEV 2022-01-03
InTheWild.io 2022-04-07
Status published
Products (2)
ethereum/go-ethereum 0Go
ethereum/go_ethereum < 1.10.21
Published Aug 05, 2022
Tracked Since Feb 18, 2026