CVE-2022-37450
MEDIUM EXPLOITED IN THE WILDGo Ethereum <1.10.21 - Info Disclosure
Title source: llmExploitation Summary
CVE-2022-37450 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022.
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/ethereum/go-ethereum/blob/671094279e8d27f4b4c3c94bf8b636c26b473976/core/forkchoice.go#L91-L94
Various Sources x_refsource_misc
https://medium.com/%40aviv.yaish/uncle-maker-time-stamping-out-the-competition-in-ethereum-d27c1cb62fef
Broken Link x_refsource_misc
http://dx.doi.org/10.13140/RG.2.2.27813.99043
Third Party Advisory x_refsource_misc
https://news.ycombinator.com/item?id=32354896
Scores
CVSS v3
5.9
EPSS
0.0100
EPSS Percentile
58.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
VulnCheck KEV
2022-01-03
InTheWild.io
2022-04-07
Status
published
Products (2)
ethereum/go-ethereum
0Go
ethereum/go_ethereum
< 1.10.21
Published
Aug 05, 2022
Tracked Since
Feb 18, 2026