exploitDog

CVE-2017-14451

Опубликовано: 02 дек. 2020

Источник: nvd

CVSS3: 10

CVSS2: 7.5

EPSS Низкий

Описание

An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send malicious smart contract to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2017-0500
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0500
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ethereum:ethereum:-:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02647

Низкий

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-64ww-85jr-gp6p

github

больше 3 лет назад

An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send malicious smart contract to trigger this vulnerability.

EPSS

Процентиль: 85%

0.02647

Низкий

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-125