7.5

CVE-2018-17877

Exploit

EPSS 0.32%
Veröffentlicht 23.10.2018 21:30:53
Zuletzt bearbeitet 21.11.2024 03:55:07
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Greedy599 ≫ Greedy 599 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.516

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17877

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-17877

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-17877

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-17877

EUVD