How severe is CVE-2021-46320?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-46320?

This is classified as CWE-665, which is a common weakness in software security.

CVE-2021-46320

Q: What is CVE-2021-46320?

In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution.

HIGH Year: 2021

CVSS v3 Score

7.5

High

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-665

View all →

Vulnerability Description

In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution.

CVE-2011-4087

HIGH

CVSS:7.5(High)

The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial o...

CWE-6652011

CVE-2013-1634

HIGH

CVSS:7.5(High)

A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing ...

CWE-6652013

CVE-2016-9446

HIGH

CVSS:7.5(High)

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that ...

CWE-6652016

CVE-2018-16058

HIGH

CVSS:7.5(High)

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data stru...

CWE-6652018

CVE-2018-20022

HIGH

CVSS:7.5(High)

LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can ...

CWE-6652018

CVE-2018-20023

HIGH

CVSS:7.5(High)

LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse fo...

CWE-6652018

CVE-2021-46320

Vulnerability Description

Related Vulnerabilities

CVE-2011-4087

CVE-2013-1634

CVE-2016-9446

CVE-2018-16058

CVE-2018-20022

CVE-2018-20023