CVE-2022-36058

Improper Input Validation in go/github.com/ElrondNetwork/elrond-go

Identifiers

CVE-2022-36058, GHSA-qf7j-25g9-r63f

Package Slug

go/github.com/ElrondNetwork/elrond-go

Vulnerability

Improper Input Validation

Description

Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks (historical or actual) could encounter a MultiESDTNFTTransfer transaction like this: MultiESDTNFTTransfer with a missing function name. Basic functionality like p2p messaging, storage, API requests and such are unaffected. Version 1.3.34 contains a fix for this issue. There are no known workarounds.

Affected Versions

All versions before 1.3.34

Solution

Upgrade to version 1.3.34 or above.

Last Modified

2022-09-12

source