exploitDog

CVE-2020-24837

Опубликовано: 10 фев. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function.

Ссылки

https://etherscan.io/address/0x9d79c6e2a0222b9ac7bfabc447209c58fe9e0dcc#code
Patch
Third Party Advisory
https://etherscan.io/address/0x9d79c6e2a0222b9ac7bfabc447209c58fe9e0dcc#code
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zcfees_project:zcfees:-:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00484

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-191

Связанные уязвимости

GHSA-qwpm-85r5-4m77

github

больше 3 лет назад

An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function.

EPSS

Процентиль: 65%

0.00484

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-191