Vulnerabilities > Ethereum

DATE CVE VULNERABILITY TITLE RISK
2018-12-24 CVE-2018-20421 Allocation of Resources Without Limits or Throttling vulnerability in Ethereum GO Ethereum 1.8.19
Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory location with a large index number, as demonstrated by use of "assembly { mstore }" followed by a "c[0xC800000] = 0xFF" assignment.
network
low complexity
ethereum CWE-770
7.5
2018-11-12 CVE-2018-19184 NULL Pointer Dereference vulnerability in Ethereum GO Ethereum 1.8.17
cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode.
network
low complexity
ethereum CWE-476
7.5
2018-11-12 CVE-2018-18920 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ethereum Py-Evm 0.2.0
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode.
network
low complexity
ethereum CWE-119
8.8
2018-09-08 CVE-2018-16733 Improper Input Validation vulnerability in Ethereum GO Ethereum
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.
network
low complexity
ethereum CWE-20
7.5
2018-07-05 CVE-2018-12018 Improper Validation of Array Index vulnerability in Ethereum GO Ethereum
The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value.
network
low complexity
ethereum CWE-129
7.5
2018-01-19 CVE-2017-14457 Out-of-bounds Read vulnerability in Ethereum Virtual Machine
An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum.
network
low complexity
ethereum CWE-125
8.2
2018-01-19 CVE-2017-12119 Improper Check for Unusual or Exceptional Conditions vulnerability in Ethereum Cpp-Ethereum
An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC.
network
low complexity
ethereum CWE-754
7.5
2018-01-19 CVE-2017-12118 Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum
An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768).
network
high complexity
ethereum CWE-863
8.1
2018-01-19 CVE-2017-12116 Incorrect Authorization vulnerability in Ethereum Aleth
An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768).
network
high complexity
ethereum CWE-863
8.1
2018-01-19 CVE-2017-12113 Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum
An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768).
network
high complexity
ethereum CWE-863
8.1