CVE-2022-35917 - OpenCVE

Vendors	Products
Solanalabs	Pay

Link	Resource
https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference	Third Party Advisory
https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts	Third Party Advisory
https://github.com/solana-labs/solana-pay/commit/ac6ce0d0a81137700874a8bf5a7caac3be999fad	Patch Third Party Advisory
https://github.com/solana-labs/solana-pay/security/advisories/GHSA-j47c-j42c-mwqq	Patch Third Party Advisory

{"containers": {"cna": {"affected": [{"product": "solana-pay", "vendor": "solana-labs", "versions": [{"status": "affected", "version": "< 0.2.1"}]}], "descriptions": [{"lang": "en", "value": "Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-670", "description": "CWE-670: Always-Incorrect Control Flow Implementation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-01T21:10:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/solana-labs/solana-pay/security/advisories/GHSA-j47c-j42c-mwqq"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/solana-labs/solana-pay/commit/ac6ce0d0a81137700874a8bf5a7caac3be999fad"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts"}], "source": {"advisory": "GHSA-j47c-j42c-mwqq", "discovery": "UNKNOWN"}, "title": "Weakness in Transfer Validation Logic in @solana/pay", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-35917", "STATE": "PUBLIC", "TITLE": "Weakness in Transfer Validation Logic in @solana/pay"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "solana-pay", "version": {"version_data": [{"version_value": "< 0.2.1"}]}}]}, "vendor_name": "solana-labs"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-670: Always-Incorrect Control Flow Implementation"}]}]}, "references": {"reference_data": [{"name": "https://github.com/solana-labs/solana-pay/security/advisories/GHSA-j47c-j42c-mwqq", "refsource": "CONFIRM", "url": "https://github.com/solana-labs/solana-pay/security/advisories/GHSA-j47c-j42c-mwqq"}, {"name": "https://github.com/solana-labs/solana-pay/commit/ac6ce0d0a81137700874a8bf5a7caac3be999fad", "refsource": "MISC", "url": "https://github.com/solana-labs/solana-pay/commit/ac6ce0d0a81137700874a8bf5a7caac3be999fad"}, {"name": "https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference", "refsource": "MISC", "url": "https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference"}, {"name": "https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts", "refsource": "MISC", "url": "https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts"}]}, "source": {"advisory": "GHSA-j47c-j42c-mwqq", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-35917", "datePublished": "2022-08-01T21:10:11", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2022-08-01T21:10:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solanalabs:pay:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA0D8FFF-0C7B-45CE-B3FD-FF53A6147F8B", "versionEndExcluding": "0.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue."}, {"lang": "es", "value": "Solana Pay es un protocolo y un conjunto de implementaciones de referencia que permiten a desarrolladores incorporar pagos descentralizados en sus aplicaciones y servicios. Cuando es localizada una transacci\u00f3n de Solana Pay usando una clave de referencia, puede comprobarse que representa una transferencia del importe deseado al destinatario, usando la funci\u00f3n suministrada \"validateTransfer\". Un caso de borde en relaci\u00f3n con este mecanismo podr\u00eda causar a la l\u00f3gica de comprobaci\u00f3n, comprobar m\u00faltiples transferencias. Este problema ha sido corregido a partir de la versi\u00f3n \"0.2.1\". Los usuarios del SDK de Solana Pay deber\u00edan actualizarlo. No se presentan mitigaciones conocidas para este problema"}], "id": "CVE-2022-35917", "lastModified": "2023-05-16T11:00:41.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-08-01T22:15:10.157", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/solana-labs/solana-pay/commit/ac6ce0d0a81137700874a8bf5a7caac3be999fad"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/solana-labs/solana-pay/security/advisories/GHSA-j47c-j42c-mwqq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-670"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

JSON object

JSON object

JSON object