ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered from high-level source code, leading to a normal programmatic execution result.
References
Configurations
History
23 Jan 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | (en) ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered from high-level source code, leading to a normal programmatic execution result. |
Information
Published : 2018-11-12 02:29
Updated : 2024-04-11 01:01
NVD link : CVE-2018-19183
Mitre link : CVE-2018-19183
CVE.ORG link : CVE-2018-19183
JSON object : View
Products Affected
ethereumjs-vm_project
- ethereumjs-vm
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer