How severe is CVE-2022-39384?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.6 out of 10.

What type of vulnerability is CVE-2022-39384?

This is classified as CWE-665, which is a common weakness in software security.

CVE-2022-39384 - MEDIUM Severity | CVSS 5.6

Vulnerability Description

OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible in the scenario described above, breaking the expectation that there is a single execution. Note that upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible, so the impact of this issue is believed to be minor. This issue has been patched, please upgrade to version 4.4.1. As a workaround, avoid untrusted external calls during initialization.

Related Vulnerabilities

CVE-2010-4343

MEDIUM

CVSS:5.5(Medium)

drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operation...

CWE-6652010

CVE-2010-4655

MEDIUM

CVSS:5.5(Medium)

net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by levera...

CWE-6652010

CVE-2014-8181

MEDIUM

CVSS:5.5(Medium)

The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.

CWE-6652014

CVE-2017-0641

MEDIUM

CVSS:5.5(Medium)

A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to...

CWE-6652017

CVE-2017-0735

MEDIUM

CVSS:5.5(Medium)

A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38239864.

CWE-6652017

CVE-2017-13649

MEDIUM

CVSS:5.5(Medium)

UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root accoun...

CWE-6652017