nvd-json-data-feeds/CVE-2018/CVE-2018-140xx/CVE-2018-14086.json

{
  "id": "CVE-2018-14086",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2018-07-16T02:29:00.367",
  "lastModified": "2020-02-18T15:22:29.880",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the \"amount * sellPrice\" will cause an integer overflow in sell()."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en una implementaci\u00f3n de contrato inteligente para SingaporeCoinOrigin (SCO), un token de Ethereum. El contrato tiene un desbordamiento de enteros. Si el propietario establece el valor de sellPrice a un n\u00famero grande en setPrices(), \"amount * sellPrice\" provocar\u00e1 un desbordamiento de enteros en sell()."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mytoken_project:mytoken:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FCBE6AA-7028-42B1-995B-E11381586671"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/hellowuzekai/blockchains/blob/master/overflow1.md",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}