{"id":"CVE-2022-21685","summary":"Integer underflow in Frontier","details":"Frontier is Substrate's Ethereum compatibility layer. Prior to commit `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow under certain conditions. In debug builds, the underflow crashes the node. In release builds (and production WebAssembly binaries), the impact is limited: it can only cause a normal EVM out-of-gas error. Users who do not use the MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549.","aliases":["GHSA-cjg2-2fjg-fph4"],"modified":"2026-04-02T07:46:35.512059Z","published":"2022-01-14T17:05:11Z","database_specific":{"cwe_ids":["CWE-191"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21685.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21685.json"},{"type":"ADVISORY","url":"https://github.com/paritytech/frontier/security/advisories/GHSA-cjg2-2fjg-fph4"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21685"},{"type":"FIX","url":"https://github.com/paritytech/frontier/commit/8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664"},{"type":"FIX","url":"https://github.com/paritytech/frontier/pull/549"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/polkadot-evm/frontier","events":[{"introduced":"0"},{"fixed":"8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664"}]},{"type":"GIT","repo":"https://github.com/polkadot-evm/frontier","events":[{"introduced":"0"},{"fixed":"8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664"}]}],"versions":["fc-consensus-v1.0.0","fc-consensus-v2.0.0","fc-db-v1.0.0","fc-mapping-sync-v1.0.0","fc-rpc-core-v1.0.0","fc-rpc-v1.0.0","fp-consensus-v1.0.0","fp-evm-v1.0.0","fp-evm-v2.0.0","fp-rpc-v1.0.0","fp-rpc-v2.0.0","fp-rpc-v2.1.0","fp-storage-v1.0.0","fp-storage-v1.0.1","fp-storage-v2.0.0","pallet-
dynamic-fee-v1.0.0","pallet-dynamic-fee-v2.0.0","pallet-dynamic-fee-v3.0.0","pallet-ethereum-v1.0.0","pallet-ethereum-v2.0.0","pallet-ethereum-v3.0.0","pallet-evm-precompile-blake2-v1.0.0","pallet-evm-precompile-bn128-v1.0.0","pallet-evm-precompile-dispatch-v1.0.0","pallet-evm-precompile-ed25519-v1.0.0","pallet-evm-precompile-modexp-v1.0.0","pallet-evm-precompile-sha3fips-v1.0.0","pallet-evm-precompile-simple-v1.0.0","pallet-evm-v3.0.0","pallet-evm-v4.0.0","pallet-evm-v5.0.0","v0.2.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21685.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2022-01-13"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}