CVE-2018-19163

{"id": "CVE-2018-19163", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-11-05T21:15:12.807", "references": [{"url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://medium.com/%40dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806", "source": "cve@mitre.org"}, {"url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://medium.com/%40dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."}, {"lang": "es", "value": "StratisX versiones 2.0.0.5 (una criptomoneda de prueba de apuesta basada en cadena) permite una denegaci\u00f3n de servicio remota, explotable por parte de un atacante que adquiere inclusive una peque\u00f1a cantidad de monedas de apuesta en el sistema. El atacante env\u00eda encabezados y bloques no v\u00e1lidos, que son almacenados en el disco de la v\u00edctima."}], "lastModified": "2024-11-21T03:57:27.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stratisplatform:stratisx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2991475E-6279-4440-8C2A-9C0C4137E5AF", "versionEndIncluding": "2.0.0.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}