CVE-2018-17882

{"id": "CVE-2018-17882", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-03-15T20:29:00.510", "references": [{"url": "https://etherscan.io/address/0x4daa9dc438a77bd59e8a43c6d46cbfe84cd04255#code", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/GreenFoxy/Smart-contract-Vulnerabilities/blob/master/BattleToken.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de enteros en la funci\u00f3n batchTransfer de una implementaci\u00f3n de contrato inteligente para CryptoBotsBattle (CBTB), un token de Ethereum. Esta vulnerabilidad podr\u00eda ser empleada por un atacante para crear una cantidad arbitraria de tokens para cualquier usuario."}], "lastModified": "2019-03-18T16:09:48.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cryptobots:battletoken:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E25D872F-F95B-4655-A7F6-8CA8AF370735"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}