7.5

CVE-2018-10769

Exploit

EPSS 0.34%
Veröffentlicht 10.08.2018 15:29:00
Zuletzt bearbeitet 21.11.2024 03:42:00
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Smartmesh Project ≫ Smartmesh Version-

Ugtoken Project ≫ Ugtoken Version-

Gg Token Project ≫ Gg Token Version-

First Project ≫ First Version-

Mtc Project ≫ Mtc Version-

Mesh Project ≫ Mesh Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.564

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E

https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.md

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-10769

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-10769

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-10769

EUVD