Vulnerability Details : CVE-2018-18920
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid."
Vulnerability category: Overflow
Products affected by CVE-2018-18920
- cpe:2.3:a:ethereum:py-evm:0.2.0:alpha.33:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-18920
0.69%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-18920
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2018-18920
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-18920
-
https://twitter.com/NettaLab/status/1060889400102383617
Netta Lab on Twitter: "Netta Labs discovered an Ethereum EVM vulnerability, which could be exploited by hackers. The vulnerability can cause smart contracts can be executed indefinitely without gas beThird Party Advisory
-
https://www.reddit.com/r/ethereum/comments/9vkk2g/netta_labs_claim_to_have_found_a_vulnerability_in/e9d3wyx/
Netta labs claim to have found a vulnerability in EVM, what are your thoughts? : ethereumThird Party Advisory
-
https://twitter.com/AlexanderFisher/status/1060923428641878019
alexfisher.eth on Twitter: "@VitalikButerin just commented on this via reddit: https://t.co/EoKMDdykzq… "Third Party Advisory
-
https://github.com/ethereum/py-evm/issues/1448
Invalid values like 100, 0 occurs in Stack during the execution. · Issue #1448 · ethereum/py-evm · GitHubExploit;Third Party Advisory
Jump to