CVE-2018-18920

Опубликовано: 12 нояб. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid."

Ссылки

https://github.com/ethereum/py-evm/issues/1448
Exploit
Third Party Advisory
https://twitter.com/AlexanderFisher/status/1060923428641878019
Third Party Advisory
https://twitter.com/NettaLab/status/1060889400102383617
Third Party Advisory
https://www.reddit.com/r/ethereum/comments/9vkk2g/netta_labs_claim_to_have_found_a_vulnerability_in/e9d3wyx/
Third Party Advisory
https://github.com/ethereum/py-evm/issues/1448
Exploit
Third Party Advisory
https://twitter.com/AlexanderFisher/status/1060923428641878019
Third Party Advisory
https://twitter.com/NettaLab/status/1060889400102383617
Third Party Advisory
https://www.reddit.com/r/ethereum/comments/9vkk2g/netta_labs_claim_to_have_found_a_vulnerability_in/e9d3wyx/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ethereum:py-evm:0.2.0:alpha.33:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.0075

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2018-18920

CVSS3: 8.8

debian

около 7 лет назад

Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode ...

GHSA-vqgp-4jgj-5j64

CVSS3: 8.8

github

около 7 лет назад

Py-EVM is vulnerable to arbitrary bytecode injection

EPSS

Процентиль: 73%

0.0075

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-119