Bug 852842 (CVE-2022-31246)

Summary:	<net-misc/electrum-4.2.2: DoS via crafted payment request URL
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	blueness, luke-jr+gentoobugs, mgorny
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355
Whiteboard:	B3 [noglsa]
Package list:		Runtime testing required:	---
Bug Depends on:	852869
Bug Blocks:

Description John Helmert III archtester

2022-06-17 21:50:37 UTC

CVE-2022-31246:

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename.

Comment 1 Larry the Git Cow gentoo-dev

2022-06-19 05:06:30 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=209997f21d87a7cc8435b33385adb3e42baed79a

commit 209997f21d87a7cc8435b33385adb3e42baed79a
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2022-06-19 05:04:16 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2022-06-19 05:04:38 +0000

    net-misc/electrum: Remove old
    
    Bug: https://bugs.gentoo.org/852842
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 net-misc/electrum/Manifest                 |  1 -
 net-misc/electrum/electrum-4.2.1-r2.ebuild | 99 ------------------------------
 2 files changed, 100 deletions(-)

Comment 2 John Helmert III archtester

2022-06-25 04:38:09 UTC

Thanks! Hard to exploit and limited impact anyway, so no GLSA. All done!