CVE-2019-16762

Exploit

EPSS 0.37%
Veröffentlicht 15.11.2019 23:15:11
Zuletzt bearbeitet 21.11.2024 04:31:08
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any version >= 0.21.4.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Simpleledger ≫ Slpjs SwPlatformnode.js Version < 0.21.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.585

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	0.9	5.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
nvd@nist.gov	4.9	6.8	4.9	AV:N/AC:M/Au:S/C:N/I:P/A:P
security-advisories@github.com	5.7	0.5	5.2	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/simpleledger/slpjs/commit/ac8809b42e47790a6f0205991b36f2699ed10c84#diff-fe58606994c412ba56a65141a7aa4a62L701

Patch

Third Party Advisory

https://github.com/simpleledger/slpjs/security/advisories/GHSA-425c-ccf3-3jrr

Patch

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-16762

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-16762

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-16762

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-16762