Lucene search

MitreCVE-2018-17968

HistoryOct 23, 2018 - 9:30 p.m.

CVE-2018-17968

2018-10-2321:30:53

CWE-338

mitre

web.nvd.nist.gov

ethereum

gambling

smart contract

vulnerability

cve-2018-17968

security

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.

Affected configurations

Nvd

Node

ruletkaioruletkaioMatch-

VendorProductVersionCPE
ruletkaioruletkaio-cpe:2.3:a:ruletkaio:ruletkaio:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ruletkaio	ruletkaio	-	cpe:2.3:a:ruletkaio:ruletkaio:-:::::::*

References

github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17968

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Related for CVE-2018-17968