{"id":"CVE-2022-31246","details":"paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename.","modified":"2026-02-13T08:48:34.436952Z","published":"2022-06-17T14:15:08.127Z","related":["GHSA-4fh4-hx35-r355"],"references":[{"type":"ADVISORY","url":"https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355"},{"type":"ADVISORY","url":"https://twitter.com/ElectrumWallet/status/1534540879905665028"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/spesmilo/electrum","events":[{"introduced":"0"},{"fixed":"839db6ee9c696a9cc5157bf225e750a124c4cdbb"}]}],"versions":["0.56","0.57","0.57a","0.57b","0.57c","0.58","0.59","0.59a","0.59b","0.60","0.61-r1","0.61b","1.1","1.2","1.3","1.5","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.5.6","1.5.7","1.5.8","1.6.0","1.6.1","1.6.2","1.7","1.7.1","1.7.2","1.7.3","1.7.4","1.7rc0","1.8","1.8.1","1.9","1.9.1","1.9.2","1.9.3","1.9.4","1.9.5","1.9.6","1.9.7","1.9.8","2.0","2.0-beta","2.0.1","2.0.2","2.0.3","2.0.4","2.0b2","2.0b3","2.1","2.1.1","2.2","2.3","2.3.1","2.3.2","2.3.3","2.4","2.4.1","2.4.2","2.4.3","2.5","2.5.1","2.5.2","2.5.3","2.5.4","2.6","2.6.1","2.6.2","2.6.3","2.6.4","2.7.0","2.7.1","2.7.10","2.7.11","2.7.12","2.7.13","2.7.14","2.7.15","2.7.16","2.7.17","2.7.18","2.7.2","2.7.3","2.7.4","2.7.5","2.7.6","2.7.7","2.7.8","2.7.9","2.8.0","2.8.1","2.8.2","2.9.0","2.9.1","2.9.2","2.9.3","3.0.0","3.0.1","3.0.2","3.0.3","3.1.2","3.1.3","3.2.0","3.2.1","3.2.2","3.2.3","3.3.0","3.3.1","3.3.2","3.3.3","3.3.4","3.3.5","3.3.6","3.3.7","3.3.8","4.0.0b0","4.0.0b1","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9","4.1.0","4.1.1","4.1.2","4.1.3","4.1.4","4.1.5","4.2.0","4.2.1","password_v2","seed_v10","seed_v5","seed_v7","seed_v8","seed_v9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31246.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}