6.1

CVE-2019-16761

Validator parsing discrepancy due to string encoding in NPM slp-validate 1.0.0

A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slp-validate@1.0.0 npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0.0 have been patched.
Data provided by the National Vulnerability Database (NVD)
Simpleledger Slp-validate, Version 1.0.0
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.99% | 0.58
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 6.1 | 0.9 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
nvd@nist.gov | 4.9 | 6.8 | 4.9 | AV:N/AC:M/Au:S/C:N/I:P/A:P
security-advisories@github.com | 5.7 | 0.5 | 5.2 | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/simpleledger/slp-validate/commit/50ad96c2798dad6b9f9a13333dd05232defe5730#diff-fe58606994c412ba56a65141a7aa4a62L123 (Patch, Third Party Advisory)
https://github.com/simpleledger/slp-validate/security/advisories/GHSA-wmx6-vxcf-c3gr (Patch, Third Party Advisory)