CVE-2018-14439 — HIGH (7.5)

Q: How severe is CVE-2018-14439?

CVE-2018-14439 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-14439?

Check the references section above for vendor advisories and patch information. Affected products include: Eblock Eos4J.

Vulnerability Description

espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers with more than four digits after the decimal point, which might allow attackers to trigger currency transfers of unintended amounts.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Eblock	Eos4J	<= 2018-07-12

Related Weaknesses (CWE)

CWE-682

References

http://www.bishijie.com/kuaixun_80841ExploitThird Party Advisory
https://github.com/espritblock/eos4j/issues/6Third Party Advisory
http://www.bishijie.com/kuaixun_80841ExploitThird Party Advisory
https://github.com/espritblock/eos4j/issues/6Third Party Advisory

FAQ

What is CVE-2018-14439?

CVE-2018-14439 is a vulnerability with a CVSS score of 7.5 (HIGH). espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers with more than four digits after the decimal point, which might allow attackers to trigger currency t...

How severe is CVE-2018-14439?

CVE-2018-14439 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-14439?

Check the references section above for vendor advisories and patch information. Affected products include: Eblock Eos4J.