Description
ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered from high-level source code, leading to a normal programmatic execution result.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:ethereumjs-vm_project:ethereumjs-vm:2.4.0:*:*:*:*:*:*:*
EPSS: 0.00625 (Low), percentile: 70%
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-119