CVE-2017-14457

Опубликовано: 19 янв. 2018

Источник: nvd

CVSS3: 8.2

CVSS2: 6.4

EPSS Низкий

Описание

An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) create2 opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send malicious a smart contract to trigger this vulnerability.

Ссылки

http://www.securityfocus.com/bid/102475
Third Party Advisory
VDB Entry
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0503
Third Party Advisory
http://www.securityfocus.com/bid/102475
Third Party Advisory
VDB Entry
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0503
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ethereum:ethereum_virtual_machine:-:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00286

Низкий

8.2 High

CVSS3

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2017-14457

CVSS3: 8.2

debian

около 8 лет назад

An exploitable information leak/denial of service vulnerability exists ...

GHSA-w8h7-7g46-j9v8

CVSS3: 9.1

github

больше 3 лет назад

An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send malicious a smart contract to trigger this vulnerability.

EPSS

Процентиль: 52%

0.00286

Низкий

8.2 High

CVSS3

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-125