CVE-2018-14715

EPSS 0.37%
Veröffentlicht 03.08.2018 18:29:00
Zuletzt bearbeitet 21.11.2024 03:49:39
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cryptogs ≫ Cryptogs Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.584

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

https://medium.com/%40jonghyk.song/attack-on-pseudo-random-number-generator-prng-used-in-cryptogs-an-ethereum-cve-2018-14715-f63a51ac2eb9

https://nvd.nist.gov/vuln/detail/CVE-2018-14715

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-14715

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-14715

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-14715