CVE-2022-36058

Description

elrond-go MultiESDTNFTTransfer call on a SC address with missing function name in github.com/ElrondNetwork/elrond-go

How to fix CVE-2022-36058

To remediate CVE-2022-36058, upgrade the affected package to a fixed version below.

• Go/github.com/ElrondNetwork/elrond-go—upgrade to 1.3.34 or later
• —upgrade to 1.3.34 or later

Is CVE-2022-36058 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 1.3.34
• from 0, < 1.3.34

CVSS scores

References (5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-36058
• PATCHgithub.com/ElrondNetwork/elrond-go
• WEBgithub.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L402
• WEBgithub.com/ElrondNetwork/elrond-go/commit/cb487fd7be2a2077638eb34ae771a73630c870c7