{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-45130", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-04T16:02:46.328Z", "datePublished": "2023-10-13T12:14:15.105Z", "dateUpdated": "2024-09-17T14:30:56.468Z"}, "containers": {"cna": {"title": "Frontier opcode SUICIDE touches too many storage values on large contracts", "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v"}, {"name": "https://github.com/paritytech/frontier/pull/1212", "tags": ["x_refsource_MISC"], "url": "https://github.com/paritytech/frontier/pull/1212"}, {"name": "https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0", "tags": ["x_refsource_MISC"], "url": "https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0"}], "affected": [{"vendor": "paritytech", "product": "frontier", "versions": [{"version": "<= 0.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-13T12:14:15.105Z"}, "descriptions": [{"lang": "en", "value": "Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses `storage::remove_prefix` (now renamed to `storage::clear_prefix`) to remove all storages associated with it. This is a single IO primitive call passing the WebAssembly boundary. For large contracts, the call (without providing a `limit` parameter) can be slow. In addition, for parachains, all storages to be deleted will be part of the PoV, which easily exceed relay chain PoV size limit. On the other hand, Frontier's maintainers only charge a fixed cost for opcode SUICIDE. The maintainers consider the severity of this issue high, because an attacker can craft a contract with a lot of storage values on a parachain, and then call opcode SUICIDE on the contract. If the transaction makes into a parachain block, the parachain will then stall because the PoV size will exceed relay chain's limit. This is especially an issue for XCM transactions, because they can't be skipped. Commit aea528198b3b226e0d20cce878551fd4c0e3d5d0 contains a patch for this issue. For parachains, it's recommended to issue an emergency runtime upgrade as soon as possible. For standalone chains, the impact is less severe because the issue mainly affects PoV sizes. It's recommended to issue a normal runtime upgrade as soon as possible. There are no known workarounds."}], "source": {"advisory": "GHSA-gc88-2gvv-gp3v", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:14:18.389Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v"}, {"name": "https://github.com/paritytech/frontier/pull/1212", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/paritytech/frontier/pull/1212"}, {"name": "https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0"}]}, {"affected": [{"vendor": "parity", "product": "frontier", "cpes": ["cpe:2.3:a:parity:frontier:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "aea528198b3b226e0d20cce878551fd4c0e3d5d0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-17T14:21:21.519931Z", "id": "CVE-2023-45130", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T14:30:56.468Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v", "name": "https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/paritytech/frontier/pull/1212", "name": "https://github.com/paritytech/frontier/pull/1212", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0", "name": "https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:14:18.389Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-45130", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-17T14:21:21.519931Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:parity:frontier:*:*:*:*:*:*:*:*"], "vendor": "parity", "product": "frontier", "versions": [{"status": "affected", "version": "0", "lessThan": "aea528198b3b226e0d20cce878551fd4c0e3d5d0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T14:30:51.315Z"}}], "cna": {"title": "Frontier opcode SUICIDE touches too many storage values on large contracts", "source": {"advisory": "GHSA-gc88-2gvv-gp3v", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "paritytech", "product": "frontier", "versions": [{"status": "affected", "version": "<= 0.1.0"}]}], "references": [{"url": "https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v", "name": "https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/paritytech/frontier/pull/1212", "name": "https://github.com/paritytech/frontier/pull/1212", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0", "name": "https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses `storage::remove_prefix` (now renamed to `storage::clear_prefix`) to remove all storages associated with it. This is a single IO primitive call passing the WebAssembly boundary. For large contracts, the call (without providing a `limit` parameter) can be slow. In addition, for parachains, all storages to be deleted will be part of the PoV, which easily exceed relay chain PoV size limit. On the other hand, Frontier's maintainers only charge a fixed cost for opcode SUICIDE. The maintainers consider the severity of this issue high, because an attacker can craft a contract with a lot of storage values on a parachain, and then call opcode SUICIDE on the contract. If the transaction makes into a parachain block, the parachain will then stall because the PoV size will exceed relay chain's limit. This is especially an issue for XCM transactions, because they can't be skipped. Commit aea528198b3b226e0d20cce878551fd4c0e3d5d0 contains a patch for this issue. For parachains, it's recommended to issue an emergency runtime upgrade as soon as possible. For standalone chains, the impact is less severe because the issue mainly affects PoV sizes. It's recommended to issue a normal runtime upgrade as soon as possible. There are no known workarounds."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-13T12:14:15.105Z"}}}, "cveMetadata": {"cveId": "CVE-2023-45130", "state": "PUBLISHED", "dateUpdated": "2024-09-17T14:30:56.468Z", "dateReserved": "2023-10-04T16:02:46.328Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-10-13T12:14:15.105Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:parity:frontier:*:*:*:*:*:rust:*:*", "matchCriteriaId": "20043267-E766-4C8E-B0BD-3F91289C2F4C", "versionEndIncluding": "0.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses `storage::remove_prefix` (now renamed to `storage::clear_prefix`) to remove all storages associated with it. This is a single IO primitive call passing the WebAssembly boundary. For large contracts, the call (without providing a `limit` parameter) can be slow. In addition, for parachains, all storages to be deleted will be part of the PoV, which easily exceed relay chain PoV size limit. On the other hand, Frontier's maintainers only charge a fixed cost for opcode SUICIDE. The maintainers consider the severity of this issue high, because an attacker can craft a contract with a lot of storage values on a parachain, and then call opcode SUICIDE on the contract. If the transaction makes into a parachain block, the parachain will then stall because the PoV size will exceed relay chain's limit. This is especially an issue for XCM transactions, because they can't be skipped. Commit aea528198b3b226e0d20cce878551fd4c0e3d5d0 contains a patch for this issue. For parachains, it's recommended to issue an emergency runtime upgrade as soon as possible. For standalone chains, the impact is less severe because the issue mainly affects PoV sizes. It's recommended to issue a normal runtime upgrade as soon as possible. There are no known workarounds."}, {"lang": "es", "value": "Frontier es la capa de compatibilidad con Ethereum de Substrate. Antes del commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, al final de la ejecuci\u00f3n de un contrato, cuando el c\u00f3digo de operaci\u00f3n SUICIDE marca un contrato para ser eliminado, el software utiliza `storage::remove_prefix` (ahora renombrado a `storage::clear_prefix`) para eliminar todos los almacenamientos asociados con \u00e9l. Esta es una \u00fanica llamada primitiva de IO que pasa el l\u00edmite de WebAssembly. Para contratos grandes, la llamada (sin proporcionar un par\u00e1metro de \"limit\") puede ser lenta. Adem\u00e1s, para las parachains, todos los almacenamientos que se eliminar\u00e1n formar\u00e1n parte del PoV, que excede f\u00e1cilmente el l\u00edmite de tama\u00f1o de PoV de la cadena de retransmisi\u00f3n. Por otro lado, los mantenedores de Frontier solo cobran un costo fijo por el c\u00f3digo de operaci\u00f3n SUICIDE. Los mantenedores consideran que la gravedad de este problema es alta, porque un atacante puede crear un contrato con muchos valores de almacenamiento en una parachain y luego llamar al c\u00f3digo de operaci\u00f3n SUICIDE en el contrato. Si la transacci\u00f3n se convierte en un bloque de parachain, la parachain se detendr\u00e1 porque el tama\u00f1o del PoV exceder\u00e1 el l\u00edmite de la cadena de retransmisi\u00f3n. Esto es especialmente un problema para las transacciones XCM, porque no se pueden omitir. El commit aea528198b3b226e0d20cce878551fd4c0e3d5d0 contiene un parche para este problema. Para las parachains, se recomienda publicar una actualizaci\u00f3n de emergencia del tiempo de ejecuci\u00f3n lo antes posible. Para las cadenas independientes, el impacto es menos grave porque el problema afecta principalmente a los tama\u00f1os de PoV. Se recomienda publicar una actualizaci\u00f3n del tiempo de ejecuci\u00f3n normal lo antes posible. No se conocen workarounds."}], "id": "CVE-2023-45130", "lastModified": "2024-11-21T08:26:24.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-10-13T13:15:11.827", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0"}, {"source": "[email protected]", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/paritytech/frontier/pull/1212"}, {"source": "[email protected]", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/paritytech/frontier/pull/1212"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "[email protected]", "type": "Primary"}]}

{}