CVE-2018-18667

Опубликовано: 28 дек. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value, a related issue to CVE-2018-11812.

Ссылки

https://etherscan.io/address/0x7703c35cffdc5cda8d27aa3df2f9ba6964544b6e#code
Third Party Advisory
https://github.com/klenergy/ethereum-contracts/issues/1
Exploit
Third Party Advisory
https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md
Exploit
Third Party Advisory
https://etherscan.io/address/0x7703c35cffdc5cda8d27aa3df2f9ba6964544b6e#code
Third Party Advisory
https://github.com/klenergy/ethereum-contracts/issues/1
Exploit
Third Party Advisory
https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pylon-network:pylontoken:-:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00272

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

GHSA-vhq3-xx7w-3wr2