nvd-json-data-feeds/CVE-2018/CVE-2018-140xx/CVE-2018-14087.json

{
  "id": "CVE-2018-14087",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2018-07-16T02:29:00.397",
  "lastModified": "2020-02-18T14:26:04.617",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the \"msg.value * buyPrice\" will cause an integer overflow in the fallback function."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en una implementaci\u00f3n de contrato inteligente para EUC (EUC), un token de Ethereum. El contrato tiene un desbordamiento de enteros. Si el propietario establece el valor de buyPrice a un n\u00famero grande en setPrices(), \"msg.value * buyPrice\" provocar\u00e1 un desbordamiento de enteros en la funci\u00f3n fallback."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:encryptedtoken_project:encryptedtoken:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95C03366-CF0E-45C6-8EF7-8EB30BC6C795"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/hellowuzekai/blockchains/blob/master/overflow2.md",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}