174 matches found
CVE-2022-24738
Evmos prior to v2.0.1 is vulnerable to draining unclaimed funds by an attacker who creates a malicious chain that does not enforce signature verification and connects it to a target Evmos instance via IBC, enabling migration of claim records and fund transfer. The issue stems from a vulnerability...
CVE-2022-24738 Account compromise in Evmos
Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmo...
Design/Logic Flaw
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...
Vyper 缓冲区错误漏洞
Vyper is the Pythonic smart contract language for EVM. Vyper suffers from a buffer error vulnerability that stems from an incorrect pointer to the top of the stack, which can lead to memory corruption issues...
evm (>=0.13.0 <=0.20.0), evm-gasometer (>=0.13.0 <=0.20.0) +2 more potentially affected by unknown CVE via evm-core (>=0.13.1 <=0.20.0)
evm-core CARGO version =0.13.1, =0.13.0, =0.13.0, =0.13.0, =2.0.0, =2.0.1 Source cves: unknown CVE Source advisory: OSV:GHSA-773Q-5334-5GF9...
CVE-2021-29511
evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use evmcore::Memory::copylarge, the evm crate can over-allocate memory when it is not needed, making it possible for an attacker to perform...
CVE-2021-29511
CVE-2021-29511 affects the Rust EVM implementation (evm crate). Before the patch in commit 19ade85, certain memory-opcodes using memory::copy_large could cause memory over-allocation, enabling a denial-of-service. Remediation: upgrade evm to >=0.26.1, or to specific newer releases (0.21.1, 0.2...
PT-2021-18262 · Evm · Evm
Name of the Vulnerable Software and Affected Versions: evm versions prior to 0.21.1 evm versions prior to 0.23.1 evm versions prior to 0.24.1 evm versions prior to 0.25.1 evm versions prior to 0.26.1 Description: The issue is related to the execution of specific EVM opcodes that use evm...
CVE-2017-14451
CVE-2017-14451 is an exploitable out-of-bounds read in libevm (CPP‑Ethereum). The root cause, per TALOS/Red Hat/NVD details, is the pow2N function returning exp[_n] without bounds checks, with exp defined as size 6. The _type parameter (0–255) can drive laneCount/laneWidth to values beyond the ar...
Py-EVM Security Vulnerability
Py-EVM is a Python-based implementation of an Ethernet virtual machine. A security vulnerability exists in Py-EVM version 0.2.0-alpha.33. An attacker can exploit the vulnerability to cause a denial of service...
CVE-2017-14457
An exploitable information leak/denial of service vulnerability exists in the libevm Ethereum Virtual Machine create2 opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can...
CVE-2017-14457
An exploitable information leak/denial of service vulnerability exists in the libevm Ethereum Virtual Machine create2 opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can...
CVE-2017-14457
The CVE-2017-14457 issue impacts CPP-Ethereum’s libevm create2 opcode handler. A crafted contract can set an extremely large initSize passed to the bytesConstRef used to compute the create2 hash, enabling an out-of-bounds read that can cause memory disclosure or a denial of service. Talos and CVE...
CPP-Ethereum libevm create2 Information Leak Vulnerability(CVE-2017-14457)
Summary An exploitable information leak / denial of service vulnerability exists in the libevm Ethereum Virtual Machine create2 opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker ca...