// For flags

CVE-2018-1000618

 

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability appears to have been fixed in after commit cf7209e703e6d3f7a5413e0cb1fe88a4d8e4b38d .

EOSIO/eos eos en versiones tras el commit con ID f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contiene una vulnerabilidad de desbordamiento de pila en abi_serializer que puede resultar en un ataque al nodo de red de eos. Este ataque parece ser explotable mediante una peticiĆ³n de red. La vulnerabilidad parece haber sido solucionada tras el commit con ID cf7209e703e6d3f7a5413e0cb1fe88a4d8e4b38d.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-07-09 CVE Reserved
  • 2018-07-09 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-674: Uncontrolled Recursion
CAPEC
References (1)
URL Tag Source
https://github.com/EOSIO/eos/pull/4112 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Eosio Project
Search vendor "Eosio Project"
Eos
Search vendor "Eosio Project" for product "Eos"
--
Affected