How severe is CVE-2022-21685?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-21685?

This is classified as CWE-191, which is a common weakness in software security.

CVE-2022-21685

MEDIUM Year: 2022

CVSS v3 Score

6.5

Medium

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-191

View all →

Vulnerability Description

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. Users who do not use MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549.

CVE-2017-14997

MEDIUM

CVSS:6.5(Medium)

GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.

CWE-1912017

CVE-2018-4011

MEDIUM

CVSS:6.5(Medium)

An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorr...

CWE-1912018

CVE-2021-24894

MEDIUM

CVSS:6.5(Medium)

The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated use...

CWE-1912021

CVE-2021-25121

MEDIUM

CVSS:6.5(Medium)

The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such ...

CWE-1912021

CVE-2021-41821

MEDIUM

CVSS:6.5(Medium)

Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the man...

CWE-1912021

CVE-2022-3165

MEDIUM

CVSS:6.5(Medium)

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending ...

CWE-1912022

CVE-2022-21685

Vulnerability Description

Related Vulnerabilities

CVE-2017-14997

CVE-2018-4011

CVE-2021-24894

CVE-2021-25121

CVE-2021-41821

CVE-2022-3165