CVE-2022-29077 Information

Description

A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://xrpl.org/blog/2022/rippled-1.8.5.html https://ripple.com/ https://github.com/ripple/rippled/compare/1.8.4…1.8.5

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8