CVE-2018-18920
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-18920
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-18920.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-18920
- Aliases
- Published
- 2018-11-12T02:29:00Z
- Modified
- 2024-10-12T03:19:16.521111Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.executebytecode call that triggers computation.stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid."
- References
Affected packages
Git / github.com/ethereum/py-evm
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ethereum/py-evm
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
trinity-v0.*
trinity-v0.1.0-alpha.10
trinity-v0.1.0-alpha.11
trinity-v0.1.0-alpha.12
trinity-v0.1.0-alpha.13
trinity-v0.1.0-alpha.14
trinity-v0.1.0-alpha.15
trinity-v0.1.0-alpha.2
trinity-v0.1.0-alpha.4
trinity-v0.1.0-alpha.5
trinity-v0.1.0-alpha.7
trinity-v0.1.0-alpha.8
trinity-v0.1.0-alpha.9
v0.*
v0.2.0-alpha.1
v0.2.0-alpha.10
v0.2.0-alpha.11
v0.2.0-alpha.12
v0.2.0-alpha.13
v0.2.0-alpha.14
v0.2.0-alpha.15
v0.2.0-alpha.16
v0.2.0-alpha.17
v0.2.0-alpha.18
v0.2.0-alpha.19
v0.2.0-alpha.2
v0.2.0-alpha.20
v0.2.0-alpha.21
v0.2.0-alpha.22
v0.2.0-alpha.23
v0.2.0-alpha.24
v0.2.0-alpha.25
v0.2.0-alpha.26
v0.2.0-alpha.27
v0.2.0-alpha.28
v0.2.0-alpha.29
v0.2.0-alpha.3
v0.2.0-alpha.30
v0.2.0-alpha.31
v0.2.0-alpha.32
v0.2.0-alpha.33
v0.2.0-alpha.4
v0.2.0-alpha.5
v0.2.0-alpha.6
v0.2.0-alpha.7
v0.2.0-alpha.8
v0.2.0-alpha.9