How severe is CVE-2024-45056?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-45056?

This is classified as CWE-682, which is a common weakness in software security.

CVE-2024-45056 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended. Thus instead of producing `roti 2^256 - 1, x` the compiler produces `rotl 2^64 - 1, x`. Analysis has shown that no contracts were affected by the date of publishing this advisory. This issue has been addressed in version 1.5.3. Users are advised to upgrade and redeploy all contracts. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2011-1573

MEDIUM

CVSS:5.9(Medium)

net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT an...

CWE-6822011

CVE-2017-8932

MEDIUM

CVSS:5.9(Medium)

A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input poi...

CWE-6822017

CVE-2024-34704

MEDIUM

CVSS:5.9(Medium)

era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the `DAGCombine` phase while visiting the XOR operation. The issue arises when attemptin...

CWE-6822024

CVE-2022-31104

MEDIUM

CVSS:5.6(Medium)

Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings...

CWE-6822022

CVE-2016-9377

MEDIUM

CVSS:5.5(Medium)

Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest cras...

CWE-6822016

CVE-2019-20051

MEDIUM

CVSS:5.5(Medium)

A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.

CWE-6822019