CVE-2022-29077

Name: CVE-2022-29077
Description: A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat.
NVD Severity: high

References

| Type | URI |
| --- | --- |
| MISC | https://xrpl.org/blog/2022/rippled-1.8.5.html |
| MISC | https://ripple.com/ |
| MISC | https://github.com/ripple/rippled/compare/1.8.4...1.8.5 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:ripple:rippled:*:*:*:*:*:*:*:* | rippled | >= None | < 1.8.5 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| rippled | 3.15-community | 1.7.3-r3 | André Klitzing <aklitzing@gmail.com> | possibly vulnerable |