7 matches found
CVE-2017-12119
CVE-2017-12119 is a denial-of-service vulnerability in CPP-Ethereum JSON-RPC. A malformed JSON request can trigger an unhandled exception in the JSON-RPC server (via JSON-Cpp value handling and isInt checks), crashing the client. Public documentation lists multiple vulnerable JSON-RPC APIs (e.g.,...
CVE-2017-12113
The CVE-2017-12113 issue affects cpp-ethereum’s JSON-RPC admin_nodeInfo API. A missing authorization check (improper authorization) allows a remote attacker to trigger restricted functionality without credentials. Descriptions from Talos and related advisories confirm the vulnerability in Ethereu...
CVE-2017-12112
The CVE-2017-12112 entry corresponds to an authorization bypass in cpp-ethereum’s JSON-RPC admin_addPeer API. Talos reports an improper authorization check in AdminNet::admin_addPeer that allows a remote attacker to trigger restricted functionality without credentials, with the call binding to 0....
CVE-2017-12115
CVE-2017-12115 affects cpp-ethereum’s JSON-RPC endpoint miner_setEtherbase. The root cause is improper authorization: the function does not perform a user privilege check, allowing the execution of restricted functionality via a JSON request. The vulnerability is demonstrated by the existence of ...
CVE-2017-12117
CVE-2017-12117 affects cpp-ethereum’s JSON-RPC miner_start API. The root cause is improper authorization checks in the miner_start implementation, allowing a remote attacker to trigger restricted functionality without credentials. Affected component is the JSON-RPC server inside cpp-ethereum (com...
CVE-2017-12118
CVE-2017-12118 refers to a vulnerability in cpp-ethereum’s JSON‑RPC miner_stop API where improper authorization could allow a remote attacker to trigger functionality reserved for admins. The weakness stems from missing privilege checks in miner_stop (no RPC_ADMIN guard), with attacker-controlled...
CVE-2017-12114
The CVE-2017-12114 entry affects cpp-ethereum’s JSON-RPC admin_peers API. Technical details from connected sources show an improper authorization flaw where admin_peers allows access to restricted functionality without credentials. The root cause is missing privilege checks in AdminNet::admin_pee...