Miggo Logo
Miggo Vulnerability Database
CVE-2020-15899

CVE-2020-15899: Grin insufficient data validation

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2020-15899
GHSA ID
GHSA-p75g-gcv5-42qg
EPSS Score
0.31685%
CWE
CWE-345
Published
5/24/2022
Updated
2/1/2024
KEV Status
No
Technology
TechnologyRust

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
grinrust>= 3.0.0, < 4.0.04.0.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from incorrect node_mask calculation in Cuckaroom29 PoW implementation. Technical details explicitly show the error was using (edge_mask >> 1) instead of edge_mask when creating the graph, directly reducing node space. The CuckooParams::new function's failure to properly initialize node_bits=29 (using edge_bits instead) compounded the issue. These functions are specifically called out in security disclosures and patched in v4.0.0 through parameter corrections.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*rin *.*.* ***or* *.*.* **s insu**i*i*nt v*li**tion o* **t* r*l*t** to Mim*l*wim*l*.

Reasoning

T** vuln*r**ility st*mm** *rom in*orr**t no**_m*sk **l*ul*tion in *u*k*room** PoW impl*m*nt*tion. T***ni**l **t*ils *xpli*itly s*ow t** *rror w*s usin* (****_m*sk >> *) inst*** o* ****_m*sk w**n *r**tin* t** *r*p*, *ir**tly r**u*in* no** sp***. T** *