Lucene search

[email protected]NVD:CVE-2018-13490

HistoryJul 09, 2018 - 6:29 a.m.

CVE-2018-13490

2018-07-0906:29:01

CWE-190

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

37.4%

JSON

The mintToken function of a smart contract implementation for FILM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Affected configurations

Nvd

Node

film_tokens_by_contrib_projectfilm_tokens_by_contribMatch-

VendorProductVersionCPE
film_tokens_by_contrib_projectfilm_tokens_by_contrib-cpe:2.3:a:film_tokens_by_contrib_project:film_tokens_by_contrib:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
film_tokens_by_contrib_project	film_tokens_by_contrib	-	cpe:2.3:a:film_tokens_by_contrib_project:film_tokens_by_contrib:-:::::::*

References

github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md

github.com/BlockChainsSecurity/EtherTokens/tree/master/FILM

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

37.4%

JSON

Related for NVD:CVE-2018-13490

prion1 cvelist1 cve1