nvd-json-data-feeds/CVE-2018/CVE-2018-140xx/CVE-2018-14088.json

{
  "id": "CVE-2018-14088",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2018-07-16T02:29:00.460",
  "lastModified": "2018-09-12T16:53:39.990",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the \"amount * 1000000000000000\" will cause an integer overflow in withdrawToFounders()."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en una implementaci\u00f3n de contrato inteligente para STeX White List (STE(WL)), un token de Ethereum. El contrato tiene un desbordamiento de enteros. Si el propietario establece el valor de amount a un n\u00famero grande, \"amount * 1000000000000000\" provocar\u00e1 un desbordamiento de enteros en withdrawToFounders()."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:stex_white_list_project:stex_white_list:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CCC6515-035D-4B8C-AA5A-70C430ADE55A"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/hellowuzekai/blockchains/blob/master/overflow3.md",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}