CVE-2018-18920

Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid."
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:ethereum:py-evm:0.2.0:alpha.33:*:*:*:*:*:*

Information

Published : 2018-11-11 18:29

Updated : 2019-02-04 05:31


NVD link : CVE-2018-18920

Mitre link : CVE-2018-18920


JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa

Products Affected

ethereum

  • py-evm