ID

VAR-201804-0713


CVE

CVE-2018-10376


TITLE

SmartMesh Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005006

DESCRIPTION

An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the "proxyOverflow" issue. SmartMesh (alias SMT) contains an integer overflow vulnerability. Information may be tampered with. SmartMesh (SMT) is a blockchain-based underlying protocol for IoT that is positioned in areas such as networkless communication and networkless payment. The smart contract is one of its components. The 'transferProxy' function implemented by the smart contract in SmartMesh has an integer overflow vulnerability.

Trust: 2.7

sources: NVD: CVE-2018-10376 // JVNDB: JVNDB-2018-005006 // CNVD: CNVD-2018-09570 // CNNVD: CNNVD-201804-1450

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-09570

AFFECTED PRODUCTS

vendor: smartmesh, model: smartmesh, scope: eq, version: -

Trust: 1.6

vendor: smartmesh, model: smartmesh, scope: -, version: -

Trust: 1.4

sources: CNVD: CNVD-2018-09570 // JVNDB: JVNDB-2018-005006 // CNNVD: CNNVD-201804-1450 // NVD: CVE-2018-10376

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10376
value: HIGH

Trust: 1.0

NVD: CVE-2018-10376
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-09570
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201804-1450
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-10376
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-09570
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-10376
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-09570 // JVNDB: JVNDB-2018-005006 // CNNVD: CNNVD-201804-1450 // NVD: CVE-2018-10376

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2018-005006 // NVD: CVE-2018-10376

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1450

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201804-1450

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005006

PATCH

title: SMT Token, url: https://smartmesh.io/smt-token/

Trust: 0.8

sources: JVNDB: JVNDB-2018-005006

EXTERNAL IDS

db: NVD, id: CVE-2018-10376

Trust: 3.0

db: JVNDB, id: JVNDB-2018-005006

Trust: 0.8

db: CNVD, id: CNVD-2018-09570

Trust: 0.6

db: CNNVD, id: CNNVD-201804-1450

Trust: 0.6

sources: CNVD: CNVD-2018-09570 // JVNDB: JVNDB-2018-005006 // CNNVD: CNNVD-201804-1450 // NVD: CVE-2018-10376

REFERENCES

url: https://peckshield.com/2018/04/25/proxyoverflow/

Trust: 3.0

url: https://dasp.co/#item-3

Trust: 1.6

url: https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/

Trust: 1.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10376

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-10376

Trust: 0.8

sources: CNVD: CNVD-2018-09570 // JVNDB: JVNDB-2018-005006 // CNNVD: CNNVD-201804-1450 // NVD: CVE-2018-10376

SOURCES

db: CNVD, id: CNVD-2018-09570
db: JVNDB, id: JVNDB-2018-005006
db: CNNVD, id: CNNVD-201804-1450
db: NVD, id: CVE-2018-10376

LAST UPDATE DATE

2024-11-23T22:06:56.253000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-09570, date: 2018-05-16T00:00:00
db: JVNDB, id: JVNDB-2018-005006, date: 2018-07-03T00:00:00
db: CNNVD, id: CNNVD-201804-1450, date: 2018-04-26T00:00:00
db: NVD, id: CVE-2018-10376, date: 2024-11-21T03:41:17.767

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-09570, date: 2018-05-16T00:00:00
db: JVNDB, id: JVNDB-2018-005006, date: 2018-07-03T00:00:00
db: CNNVD, id: CNNVD-201804-1450, date: 2018-04-26T00:00:00
db: NVD, id: CVE-2018-10376, date: 2018-04-25T09:29:00.707