Vulnerability in Hyperledger Besu
CVE-2022-36025
Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in…
EPSS: 0.007 (72.1th percentile)
CVSS v3 metric
CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H.
Affected products
- Hyperledger Besu — versions > 22.1.3, < 22.7.1
Weakness classification (CWE)
References
- github.com/hyperledger/besu/security/advisories/GHSA-4456-w38r-m53x (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2022-36025?
  CVE-2022-36025 is a critical-severity vulnerability in Hyperledger Besu, classified under Incorrect Conversion between Numeric Types. CVSS score: 9.1/10. Published 2022-09-24.
- How severe is CVE-2022-36025?
  Critical severity. CVSS v3 base score is 9.1 out of 10.