Lucene search
GoogleOSV:GHSA-VQGP-4JGJ-5J64HistoryNov 21, 2018 - 10:23 p.m.
Py-EVM is vulnerable to arbitrary bytecode injection
2018-11-2122:23:04
Google
osv.dev
7
0.009 Low
EPSS
Percentile
82.8%
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with ‘“stack”: [100, 100, 0]’ where b’\x’ was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to “smart contracts can be executed indefinitely without gas being paid.”
References
github.com/advisories/GHSA-vqgp-4jgj-5j64
github.com/ethereum/py-evm
github.com/ethereum/py-evm/issues/1448
nvd.nist.gov/vuln/detail/CVE-2018-18920
twitter.com/AlexanderFisher/status/1060923428641878019
twitter.com/NettaLab/status/1060889400102383617
www.reddit.com/r/ethereum/comments/9vkk2g/netta_labs_claim_to_have_found_a_vulnerability_in/e9d3wyx
Related
veracode
veracode
Denial Of Service (DoS)
2018-11-13 06:07:31
prion
prion
Design/Logic Flaw
2018-11-12 02:29:00
osv
osv
PYSEC-2018-96
2018-11-12 02:29:00
CVE-2018-18920
2018-11-12 02:29:00
cvelist
cvelist
CVE-2018-18920
2018-11-12 02:00:00
nvd
nvd
CVE-2018-18920
2018-11-12 02:29:00
cve
cve
CVE-2018-18920
2018-11-12 02:29:00
github
github
Py-EVM is vulnerable to arbitrary bytecode injection
2018-11-21 22:23:04