Lucene search

[email protected]CVE-2018-13087

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2018-13087

2022-10-0316:22:19

CWE-190

[email protected]

web.nvd.nist.gov

cve-2018-13087

coinstar

ethereum token

smart contract

integer overflow

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

34.1%

JSON

The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Affected configurations

NVD

Node

coinstar_myadvancedtoken_projectcoinstar_myadvancedtokenMatch-

CPENameOperatorVersion
coinstar_myadvancedtoken_project:coinstar_myadvancedtokencoinstar myadvancedtoken project coinstar myadvancedtokeneq-

CPE	Name	Operator	Version
coinstar_myadvancedtoken_project:coinstar_myadvancedtoken	coinstar myadvancedtoken project coinstar myadvancedtoken	eq	-

References

github.com/VenusADLab/EtherTokens/blob/master/MyAdvancedToken/MyAdvancedToken.md

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

34.1%

JSON

Related for CVE-2018-13087

nvd1 cvelist1 prion1