CVE-2022-47547

GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://arxiv.org/pdf/2212.05197.pdf	Exploit Technical Description Third Party Advisory
https://arxiv.org/pdf/2212.05197.pdf	Exploit Technical Description Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:protocol:gossipsub:1.1:*:*:*:*:*:*:*

History

21 Nov 2024, 07:32

Type	Values Removed	Values Added
References	~~() https://arxiv.org/pdf/2212.05197.pdf - Exploit, Technical Description, Third Party Advisory~~	() https://arxiv.org/pdf/2212.05197.pdf - Exploit, Technical Description, Third Party Advisory
Summary		(es) GossipSub 1.1, tal como se usa para Ethereum 2.0, permite que un par mantenga una puntuación positiva (y por lo tanto no sea eliminado de la red) incluso si se porta mal continuamente al no reenviar nunca mensajes temáticos.

Information

Published : 2022-12-19 09:15

Updated : 2025-04-17 14:15

NVD link : CVE-2022-47547

Mitre link : CVE-2022-47547

CVE.ORG link : CVE-2022-47547

JSON object : View

Products Affected

protocol

gossipsub

CWE

CWE-281

Improper Preservation of Permissions

{"id": "CVE-2022-47547", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-12-19T09:15:09.577", "references": [{"url": "https://arxiv.org/pdf/2212.05197.pdf", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://arxiv.org/pdf/2212.05197.pdf", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-281"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-281"}]}], "descriptions": [{"lang": "en", "value": "GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages."}, {"lang": "es", "value": "GossipSub 1.1, tal como se usa para Ethereum 2.0, permite que un par mantenga una puntuaci\u00f3n positiva (y por lo tanto no sea eliminado de la red) incluso si se porta mal continuamente al no reenviar nunca mensajes tem\u00e1ticos."}], "lastModified": "2025-04-17T14:15:24.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:protocol:gossipsub:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF1A29BD-36CF-4052-991A-CD2E7903F351"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}