CVE-2020-36402

7.8 HIGH

📋 TL;DR

This CVE describes a stack-use-after-return vulnerability in Solidity 0.7.5's SMT solver interface. It could allow attackers to cause memory corruption or potentially execute arbitrary code when processing specially crafted smart contracts. This affects developers and systems using vulnerable Solidity versions to compile Ethereum smart contracts.

💻 Affected Systems

Products:
  • Solidity
Versions: Specifically version 0.7.5
Operating Systems: All platforms running Solidity
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects compilation of smart contracts using the SMT solver feature. The vulnerability is in the smtutil::CHCSmtLib2Interface::querySolver function.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete compromise of the compilation system, potentially allowing attackers to inject malicious code into compiled smart contracts.

🟠 Likely Case: Application crash or denial of service during smart contract compilation, disrupting development workflows and deployment processes.

🟢 If Mitigated: Minimal impact with proper input validation and sandboxing of compilation environments.

🌐 Internet-Facing: MEDIUM - Only affects systems that compile untrusted smart contracts from external sources.
🏢 Internal Only: LOW - Internal development environments compiling trusted code have minimal exposure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires crafting malicious smart contract code that triggers the vulnerable function during compilation. No public exploits have been documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Solidity 0.7.6 and later

Vendor Advisory: https://github.com/ethereum/solidity/security/advisories

Restart Required: No

Instructions:

1. Update Solidity to version 0.7.6 or later using your package manager.
2. For npm: 'npm update solc'.
3. For system packages: Use appropriate package manager commands for your OS.
4. Recompile any smart contracts with the updated version.

🔧 Temporary Workarounds

Disable SMT Solver

all

Disable the SMT solver feature during compilation to avoid triggering the vulnerable code path.

solc --no-smt <contract_file>

Use Older Stable Version

all

Temporarily downgrade to Solidity 0.7.4 or upgrade to 0.8.x if compatible with your contracts.

npm install solc@0.7.4
or
npm install solc@0.8.0

🧯 If You Can't Patch

  • Isolate compilation environments in containers or VMs to limit potential damage
  • Implement strict input validation for smart contracts before compilation

🔍 How to Verify

Check if Vulnerable:

Run 'solc --version' and check if output shows version 0.7.5

Check Version:

solc --version

Verify Fix Applied:

Run 'solc --version' and confirm version is 0.7.6 or higher, or 0.8.x
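
A pre-compilation gate that combines the version check above with the input-validation advice under "If You Can't Patch". This is an added example, not code from the Solidity project or this advisory. It assumes a source opts in to the SMT solver with `pragma experimental SMTChecker;` (the 0.7.x mechanism), and the function names and sample inputs are constructed for illustration.

```python
import re

AFFECTED = (0, 7, 5)  # the only version this page lists as affected

# Assumption: in the 0.7.x series a source requests the SMT solver with this pragma.
SMT_PRAGMA = re.compile(r"\bpragma\s+experimental\s+SMTChecker\s*;")
# Comments and string literals, removed first so a pragma quoted inside them is ignored.
NOISE = re.compile(r"""//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'""", re.S)


def parse_solc_version(output):
    """Extract (major, minor, patch) from the text printed by `solc --version`."""
    m = re.search(r"Version:\s*(\d+)\.(\d+)\.(\d+)", output)
    if not m:
        raise ValueError("no 'Version:' line found in solc output")
    return tuple(int(part) for part in m.groups())


def requests_smt(source):
    """True if the Solidity source enables the SMTChecker outside comments and strings."""
    return bool(SMT_PRAGMA.search(NOISE.sub(" ", source)))


def gate(solc_version_output, source):
    """Return 'reject' only when the affected compiler would run the SMT path."""
    if parse_solc_version(solc_version_output) != AFFECTED:
        return "allow"
    return "reject" if requests_smt(source) else "allow"


# Constructed sample inputs (the commit hash is a placeholder, not a real build id).
SAMPLE_VERSION_OUTPUT = (
    "solc, the solidity compiler commandline interface\n"
    "Version: 0.7.5+commit.00000000.Linux.g++\n"
)
SAMPLE_SMT = "pragma solidity ^0.7.0;\npragma experimental SMTChecker;\ncontract C { }\n"
SAMPLE_COMMENTED = (
    "pragma solidity ^0.7.0;\n"
    "// pragma experimental SMTChecker;\n"
    'contract C { string s = "pragma experimental SMTChecker;"; }\n'
)

if __name__ == "__main__":
    for name, src in (("smt", SAMPLE_SMT), ("commented", SAMPLE_COMMENTED)):
        print(name, gate(SAMPLE_VERSION_OUTPUT, src))
```

In a build pipeline, feed `gate` the captured output of `solc --version` and each untrusted source file before invoking the compiler.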

📡 Detection & Monitoring

Log Indicators:

  • Unexpected crashes during smart contract compilation
  • Memory access violation errors in compilation logs
  • Segmentation faults in solc process

Network Indicators:

  • None - this is a local compilation vulnerability

SIEM Query:

Process: solc AND (EventID: 1000 OR EventID: 1001) AND Version: 0.7.5
