CVE-2018-1000618 — CRITICAL (9.8)

Vulnerability Description

EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability appears to have been fixed in after commit cf7209e703e6d3f7a5413e0cb1fe88a4d8e4b38d .

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Eosio Project	Eos	-

Related Weaknesses (CWE)

CWE-674

References

https://github.com/EOSIO/eos/pull/4112Third Party Advisory
https://github.com/EOSIO/eos/pull/4112Third Party Advisory

FAQ

What is CVE-2018-1000618?

CVE-2018-1000618 is a vulnerability with a CVSS score of 9.8 (CRITICAL). EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack eos network node. This attack appear to ...

How severe is CVE-2018-1000618?

CVE-2018-1000618 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-1000618?

Check the references section above for vendor advisories and patch information. Affected products include: Eosio Project Eos.