Vulnerability Details : CVE-2022-47547

GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages.

Published 2022-12-19 09:15:10

Updated 2023-01-04 15:33:56

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-47547

Probability of exploitation activity in the next 30 days: 0.07%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 27 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-47547

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	3.9	1.4	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

CWE ids for CVE-2022-47547

CWE-281 Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Assigned by: [email protected] (Primary)

References for CVE-2022-47547

https://arxiv.org/pdf/2212.05197.pdf

Exploit;Technical Description;Third Party Advisory

Products affected by CVE-2022-47547

Protocol » Gossipsub » Version: 1.1
cpe:2.3:a:protocol:gossipsub:1.1:*:*:*:*:*:*:*
Matching versions