CVE-2022-36447

An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://chia.net	Vendor Advisory
https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html	Vendor Advisory
https://chia.net	Vendor Advisory
https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:chia:network_cat1_standard:1.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:13

Type	Values Removed	Values Added
References	~~() https://chia.net - Vendor Advisory~~	() https://chia.net - Vendor Advisory
References	~~() https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html - Vendor Advisory~~	() https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html - Vendor Advisory

10 Aug 2022, 13:14

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:a:chia:network_cat1_standard:1.0.0:::::::*
CWE		NVD-CWE-noinfo
References	~~(MISC) https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html -~~	(MISC) https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html - Vendor Advisory
References	~~(MISC) https://chia.net -~~	(MISC) https://chia.net - Vendor Advisory

29 Jul 2022, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-29 21:15

Updated : 2024-11-21 07:13

NVD link : CVE-2022-36447

Mitre link : CVE-2022-36447

CVE.ORG link : CVE-2022-36447

JSON object : View

Products Affected

chia

network_cat1_standard

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-36447", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-07-29T21:15:09.607", "references": [{"url": "https://chia.net", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://chia.net", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious."}, {"lang": "es", "value": "Se ha detectado un problema de inflaci\u00f3n en Chia Network CAT1 Standard versi\u00f3n 1.0.0. Los tokens acu\u00f1ados previamente en la blockchain de Chia usando el est\u00e1ndar CAT1 pueden ser inflados de forma arbitraria por cualquier poseedor de cualquier cantidad del token. La cantidad total del token puede incrementarse tanto como le plazca al actor malicioso. Esto es determinado para cada CAT1 en la cadena de bloques de Chia, independientemente de las normas de emisi\u00f3n. Este ataque es auditable en la cadena, por lo que las monedas alteradas maliciosamente pueden ser marcadas como maliciosas por los observadores fuera de la cadena"}], "lastModified": "2024-11-21T07:13:01.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:chia:network_cat1_standard:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "061654C9-9A97-4DC1-B4C5-DDC3DA24226A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}