Out-of-Bounds Read Vulnerability in CPP-Ethereum by Ethereum Foundation
CVE-2017-14451

10CRITICAL

Key Information:

Vendor: Ethereum
Status: Cpp-ethereum
Vendor: CVE Published:; 2 December 2020

What is CVE-2017-14451?

An out-of-bounds read vulnerability in the libevm component of CPP-Ethereum allows attackers to exploit specially crafted smart contract code. This flaw can lead to subsequent out-of-bounds writes, exposing the system to potential remote code execution. By sending malicious smart contracts, attackers can manipulate the behavior of the Ethereum Virtual Machine, compromising the security of applications that rely on this environment.

Affected Version(s)

CPP-Ethereum Ethereum commit 4e1015743b95821849d001618a7ce82c7c073768

References

https://talosintelligence.com/vulnerability_reports/TALOS...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 2, 2020
Vulnerability Reserved
Sep 13, 2017