CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile: 29.4%
@ensdomains/ens-contracts is vulnerable to Force Expiration Of Ethereum Name Service (ENS) domains. The vulnerability exists due to an integer overflow in the renew function of BaseRegistrarImplementation.sol, which allows an attacker to reduce the expiration time of existing domains.
github.com/advisories/GHSA-rrxv-q8m4-wch3
github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171
github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca
github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3