How severe is CVE-2022-35961?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-35961?

This is classified as CWE-354, which is a common weakness in software security.

CVE-2022-35961 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issue for the functions that take a single `bytes` argument, and not the functions that take `r, v, s` or `r, vs` as separate arguments. The potentially affected contracts are those that implement signature reuse or replay protection by marking the signature itself as used rather than the signed message or a nonce included in it. A user may take a signature that has already been submitted, submit it again in a different form, and bypass this protection. The issue has been patched in 4.7.3.

Related Vulnerabilities

CVE-2020-26141

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An advers...

CWE-3542020

CVE-2021-3772

MEDIUM

CVSS:6.5(Medium)

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used an...

CWE-3542021

CVE-2022-25946

MEDIUM

CVSS:6.5(Medium)

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Applia...

CWE-3542022

CVE-2022-45191

MEDIUM

CVSS:6.5(Medium)

An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values.

CWE-3542022

CVE-2022-46402

MEDIUM

CVSS:6.5(Medium)

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values.

CWE-3542022

CVE-2023-33981

MEDIUM

CVSS:6.5(Medium)

Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed a...

CWE-3542023