CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-14451

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile3.30th
Published2020年12月2日
Last Modified2024年11月21日

Vulnerability Description

An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send malicious smart contract to trigger this vulnerability.

Affected Platforms (CPE)

📦
Ethereum

Ethereum

All versions

References & Advisories

🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2017-0500
🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2017-0500

関連する脆弱性情報

CVE-2018-140869.8

An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an i...

CVE-2018-140639.8

The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC20 token, has an integer overfl...

CVE-2018-140849.8

An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice t...

CVE-2018-140879.8

An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow....