What is CVE-2022-31153?

CVE-2022-31153 is a medium-severity vulnerability in Openzeppelin Cairo-contracts, classified under CWE-664. CVSS score: 6.5/10. Published 2022-07-15.

How severe is CVE-2022-31153?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2022-31153 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Openzeppelin Cairo-contracts

CVE-2022-31153

OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue a…

EPSS: 0.011 (78.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Openzeppelin Cairo-contracts — versions = 0.2.0

Weakness classification (CWE)

CWE-664

Public proof-of-concept exploits

References

github.com/OpenZeppelin/cairo-contracts/security/advisories/GHSA-8mjr-jr5h-q2xr (x_refsource_CONFIRM)
github.com/OpenZeppelin/cairo-contracts/issues/386 (x_refsource_MISC)
github.com/OpenZeppelin/cairo-contracts/pull/387 (x_refsource_MISC)
github.com/OpenZeppelin/cairo-contracts/commit/2cd60279c3332285d47edf9ee3888b71… (x_refsource_MISC)
github.com/OpenZeppelin/cairo-contracts/blob/release-0.2.0/src/openzeppelin/acc… (x_refsource_MISC)
github.com/OpenZeppelin/cairo-contracts/releases/tag/v0.2.1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-31153?: CVE-2022-31153 is a medium-severity vulnerability in Openzeppelin Cairo-contracts, classified under CWE-664. CVSS score: 6.5/10. Published 2022-07-15.
How severe is CVE-2022-31153?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2022-31153 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.