CVE-2018-18920

Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid."
Configurations

Configuration 1 (hide)

cpe:2.3:a:ethereum:py-evm:0.2.0:alpha.33:*:*:*:*:*:*

History

No history.

Information

Published : 2018-11-12 02:29

Updated : 2024-02-28 16:48


NVD link : CVE-2018-18920

Mitre link : CVE-2018-18920

CVE.ORG link : CVE-2018-18920


JSON object : View

Products Affected

ethereum

  • py-evm
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer