CVE-2023-45130 (GCVE-0-2023-45130)
Vulnerability from cvelistv5
Published
2023-10-13 12:14
Modified
2024-09-17 14:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses `storage::remove_prefix` (now renamed to `storage::clear_prefix`) to remove all storages associated with it. This is a single IO primitive call passing the WebAssembly boundary. For large contracts, the call (without providing a `limit` parameter) can be slow. In addition, for parachains, all storages to be deleted will be part of the PoV, which easily exceed relay chain PoV size limit. On the other hand, Frontier's maintainers only charge a fixed cost for opcode SUICIDE. The maintainers consider the severity of this issue high, because an attacker can craft a contract with a lot of storage values on a parachain, and then call opcode SUICIDE on the contract. If the transaction makes into a parachain block, the parachain will then stall because the PoV size will exceed relay chain's limit. This is especially an issue for XCM transactions, because they can't be skipped. Commit aea528198b3b226e0d20cce878551fd4c0e3d5d0 contains a patch for this issue. For parachains, it's recommended to issue an emergency runtime upgrade as soon as possible. For standalone chains, the impact is less severe because the issue mainly affects PoV sizes. It's recommended to issue a normal runtime upgrade as soon as possible. There are no known workarounds.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| paritytech | frontier |
Version: <= 0.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:18.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v"
},
{
"name": "https://github.com/paritytech/frontier/pull/1212",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/paritytech/frontier/pull/1212"
},
{
"name": "https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:parity:frontier:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "frontier",
"vendor": "parity",
"versions": [
{
"lessThan": "aea528198b3b226e0d20cce878551fd4c0e3d5d0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45130",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:21:21.519931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:30:56.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "frontier",
"vendor": "paritytech",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Frontier is Substrate\u0027s Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses `storage::remove_prefix` (now renamed to `storage::clear_prefix`) to remove all storages associated with it. This is a single IO primitive call passing the WebAssembly boundary. For large contracts, the call (without providing a `limit` parameter) can be slow. In addition, for parachains, all storages to be deleted will be part of the PoV, which easily exceed relay chain PoV size limit. On the other hand, Frontier\u0027s maintainers only charge a fixed cost for opcode SUICIDE. The maintainers consider the severity of this issue high, because an attacker can craft a contract with a lot of storage values on a parachain, and then call opcode SUICIDE on the contract. If the transaction makes into a parachain block, the parachain will then stall because the PoV size will exceed relay chain\u0027s limit. This is especially an issue for XCM transactions, because they can\u0027t be skipped. Commit aea528198b3b226e0d20cce878551fd4c0e3d5d0 contains a patch for this issue. For parachains, it\u0027s recommended to issue an emergency runtime upgrade as soon as possible. For standalone chains, the impact is less severe because the issue mainly affects PoV sizes. It\u0027s recommended to issue a normal runtime upgrade as soon as possible. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T12:14:15.105Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v"
},
{
"name": "https://github.com/paritytech/frontier/pull/1212",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/paritytech/frontier/pull/1212"
},
{
"name": "https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0"
}
],
"source": {
"advisory": "GHSA-gc88-2gvv-gp3v",
"discovery": "UNKNOWN"
},
"title": "Frontier opcode SUICIDE touches too many storage values on large contracts"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45130",
"datePublished": "2023-10-13T12:14:15.105Z",
"dateReserved": "2023-10-04T16:02:46.328Z",
"dateUpdated": "2024-09-17T14:30:56.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v\", \"name\": \"https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/paritytech/frontier/pull/1212\", \"name\": \"https://github.com/paritytech/frontier/pull/1212\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0\", \"name\": \"https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T20:14:18.389Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-45130\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-17T14:21:21.519931Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:parity:frontier:*:*:*:*:*:*:*:*\"], \"vendor\": \"parity\", \"product\": \"frontier\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"aea528198b3b226e0d20cce878551fd4c0e3d5d0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-17T14:30:51.315Z\"}}], \"cna\": {\"title\": \"Frontier opcode SUICIDE touches too many storage values on large contracts\", \"source\": {\"advisory\": \"GHSA-gc88-2gvv-gp3v\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"paritytech\", \"product\": \"frontier\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 0.1.0\"}]}], \"references\": [{\"url\": \"https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v\", \"name\": \"https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/paritytech/frontier/pull/1212\", \"name\": \"https://github.com/paritytech/frontier/pull/1212\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0\", \"name\": \"https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Frontier is Substrate\u0027s Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses `storage::remove_prefix` (now renamed to `storage::clear_prefix`) to remove all storages associated with it. This is a single IO primitive call passing the WebAssembly boundary. For large contracts, the call (without providing a `limit` parameter) can be slow. In addition, for parachains, all storages to be deleted will be part of the PoV, which easily exceed relay chain PoV size limit. On the other hand, Frontier\u0027s maintainers only charge a fixed cost for opcode SUICIDE. The maintainers consider the severity of this issue high, because an attacker can craft a contract with a lot of storage values on a parachain, and then call opcode SUICIDE on the contract. If the transaction makes into a parachain block, the parachain will then stall because the PoV size will exceed relay chain\u0027s limit. This is especially an issue for XCM transactions, because they can\u0027t be skipped. Commit aea528198b3b226e0d20cce878551fd4c0e3d5d0 contains a patch for this issue. For parachains, it\u0027s recommended to issue an emergency runtime upgrade as soon as possible. For standalone chains, the impact is less severe because the issue mainly affects PoV sizes. It\u0027s recommended to issue a normal runtime upgrade as soon as possible. There are no known workarounds.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-10-13T12:14:15.105Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-45130\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-17T14:30:56.468Z\", \"dateReserved\": \"2023-10-04T16:02:46.328Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-10-13T12:14:15.105Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…