CVE-2018-12018

Published: 05/07/2018 Updated: 04/09/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) prior to 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows malicious users to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. The vulnerable remote node would be crashed by such an attack immediately, aka the EPoD (Ethereum Packet of Death) issue.
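The bug class named in the summary, as an added example that is not geth's code and does not come from this page: a simplified Go model, assumed for illustration, in which a handler requests skip+1 ancestor hashes and then indexes the result with skip, shown unchecked and with a range check. All names (`fetchAncestors`, `uncheckedPick`, `checkedPick`, `errBadSkip`) and the sample chain are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Hypothetical model, not geth code: skip is unsigned, so "-1" is MaxUint64.
var errBadSkip = errors.New("skip out of range")

// fetchAncestors stands in for a chain lookup returning at most max hashes.
func fetchAncestors(chain []string, max uint64) []string {
	if max > uint64(len(chain)) {
		max = uint64(len(chain))
	}
	return chain[:max]
}

// uncheckedPick: skip+1 wraps to 0, the slice is empty, the index panics.
func uncheckedPick(chain []string, skip uint64) (h string, err error) {
	defer func() { // recover only so this demo can report the crash
		if r := recover(); r != nil {
			err = fmt.Errorf("handler panicked: %v", r)
		}
	}()
	hashes := fetchAncestors(chain, skip+1)
	return hashes[skip], nil
}

// checkedPick rejects the wrap-around and short results before indexing.
func checkedPick(chain []string, skip uint64) (string, error) {
	if skip == math.MaxUint64 { // skip+1 would overflow to 0
		return "", errBadSkip
	}
	hashes := fetchAncestors(chain, skip+1)
	if skip >= uint64(len(hashes)) {
		return "", errBadSkip
	}
	return hashes[skip], nil
}

func main() {
	chain := []string{"h0", "h1", "h2"} // constructed sample data
	_, err := uncheckedPick(chain, math.MaxUint64)
	fmt.Println("unchecked:", err)
	_, err = checkedPick(chain, math.MaxUint64)
	fmt.Println("checked:  ", err)
}
```

In a real network handler an unrecovered panic of this kind terminates the process, which is why the check belongs before the index operation rather than in a recover.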

Vulnerable Product

ethereum go ethereum

Github Repositories

BlockChain-Security-List About cryptocurrency security (reverse, exploit, fuzz) Welcome to join! This list tracks the latest intelligence and is updated in real time. Tools mythril - Security analysis tool for Ethereum smart contracts manticore - Symbolic execution tool Slither - Slither combines a set of proprietary static analyses on Solidity Porosity - Decompiler and Security Analysis tool for Bloc

EPoD (Ethereum Packet of Death)

CVE-2018-12018 Mitre cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12018 The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Ski