Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by smartmesh
VAR-201808-0675
Vulnerability from variot - Updated: 2023-12-18 13:33The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT). SmartMesh Contains an access control vulnerability.Information may be altered. SmartMesh (SMT) is a blockchain-based IoT underlying protocol that is positioned in areas such as networkless communication and networkless payment.
There are security vulnerabilities in the 'transferProxy' and 'approveProxy' functions in SMT's smart contracts. An attacker could use this vulnerability to unauthorized transfer of digital assets
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0675",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smartmesh",
"scope": "eq",
"trust": 1.6,
"vendor": "smartmesh",
"version": null
},
{
"model": "smartmesh",
"scope": null,
"trust": 1.4,
"vendor": "smartmesh",
"version": null
},
{
"model": "mtc",
"scope": "eq",
"trust": 1.0,
"vendor": "mtc",
"version": null
},
{
"model": "first",
"scope": "eq",
"trust": 1.0,
"vendor": "first",
"version": null
},
{
"model": "ugtoken",
"scope": "eq",
"trust": 1.0,
"vendor": "ugtoken",
"version": null
},
{
"model": "mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "mesh",
"version": null
},
{
"model": "gg token",
"scope": "eq",
"trust": 1.0,
"vendor": "gg token",
"version": null
},
{
"model": "first",
"scope": null,
"trust": 0.8,
"vendor": "first",
"version": null
},
{
"model": "gg token",
"scope": null,
"trust": 0.8,
"vendor": "gg token",
"version": null
},
{
"model": "m2c mesh network",
"scope": null,
"trust": 0.8,
"vendor": "mesh",
"version": null
},
{
"model": "m2c mesh network",
"scope": null,
"trust": 0.8,
"vendor": "mtc",
"version": null
},
{
"model": "ug token",
"scope": null,
"trust": 0.8,
"vendor": "ug token",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19606"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009255"
},
{
"db": "NVD",
"id": "CVE-2018-10769"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-305"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:smartmesh_project:smartmesh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ugtoken_project:ugtoken:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gg_token_project:gg_token:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:first_project:first:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mtc_project:mtc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mesh_project:mesh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10769"
}
]
},
"cve": "CVE-2018-10769",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-10769",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-19606",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-10769",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10769",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-19606",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-305",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19606"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009255"
},
{
"db": "NVD",
"id": "CVE-2018-10769"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-305"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT). SmartMesh Contains an access control vulnerability.Information may be altered. SmartMesh (SMT) is a blockchain-based IoT underlying protocol that is positioned in areas such as networkless communication and networkless payment. \n\nThere are security vulnerabilities in the \u0027transferProxy\u0027 and \u0027approveProxy\u0027 functions in SMT\u0027s smart contracts. An attacker could use this vulnerability to unauthorized transfer of digital assets",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10769"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009255"
},
{
"db": "CNVD",
"id": "CNVD-2018-19606"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-305"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10769",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009255",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-19606",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201808-305",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19606"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009255"
},
{
"db": "NVD",
"id": "CVE-2018-10769"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-305"
}
]
},
"id": "VAR-201808-0675",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19606"
}
],
"trust": 1.2222222249999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19606"
}
]
},
"last_update_date": "2023-12-18T13:33:43.729000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "M2C Mesh Network (MTC)",
"trust": 0.8,
"url": "https://etherscan.io/address/0x8febf7551eea6ce499f96537ae0e2075c5a7301a#code"
},
{
"title": "UG Token (UGT)",
"trust": 0.8,
"url": "https://etherscan.io/address/0x43ee79e379e7b78d871100ed696e803e7893b644#code"
},
{
"title": "First (FST)",
"trust": 0.8,
"url": "https://etherscan.io/address/0x9e88770da20ebea0df87ad874c2f5cf8ab92f605#code"
},
{
"title": "GG Token (GG)",
"trust": 0.8,
"url": "https://etherscan.io/address/0xf20b76ed9d5467fdcdc1444455e303257d2827c7#code"
},
{
"title": "M2C Mesh Network (mesh)",
"trust": 0.8,
"url": "https://etherscan.io/address/0x3ac6cb00f5a44712022a51fbace4c7497f56ee31#code"
},
{
"title": "SMT Token",
"trust": 0.8,
"url": "https://smartmesh.io/smt-token/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009255"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009255"
},
{
"db": "NVD",
"id": "CVE-2018-10769"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://github.com/nkbai/defcon26/blob/master/docs/replay%20attacks%20on%20ethereum%20smart%20contracts.md"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3cdev.struts.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10769"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10769"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3cdev.struts.apache.org%3e"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19606"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009255"
},
{
"db": "NVD",
"id": "CVE-2018-10769"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-305"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-19606"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009255"
},
{
"db": "NVD",
"id": "CVE-2018-10769"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-305"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19606"
},
{
"date": "2018-11-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009255"
},
{
"date": "2018-08-10T15:29:00.237000",
"db": "NVD",
"id": "CVE-2018-10769"
},
{
"date": "2018-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-305"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19606"
},
{
"date": "2018-11-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009255"
},
{
"date": "2023-11-07T02:51:32.420000",
"db": "NVD",
"id": "CVE-2018-10769"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-305"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-305"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SmartMesh Vulnerabilities in access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009255"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-305"
}
],
"trust": 0.6
}
}
VAR-201804-0713
Vulnerability from variot - Updated: 2023-12-18 12:18An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the "proxyOverflow" issue. SmartMesh ( alias SMT) Contains an integer overflow vulnerability.Information may be tampered with. SmartMesh (SMT) is a blockchain-based IoT underlying protocol that is positioned in areas such as networkless communication and networkless payment. Smart contract is one of them. The 'transferProxy' function implemented by smart contract in SmartMesh has an integer overflow vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0713",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smartmesh",
"scope": "eq",
"trust": 1.6,
"vendor": "smartmesh",
"version": null
},
{
"model": "smartmesh",
"scope": null,
"trust": 1.4,
"vendor": "smartmesh",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09570"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005006"
},
{
"db": "NVD",
"id": "CVE-2018-10376"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1450"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:smartmesh:smartmesh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10376"
}
]
},
"cve": "CVE-2018-10376",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-10376",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-09570",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-10376",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10376",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-09570",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-1450",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09570"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005006"
},
{
"db": "NVD",
"id": "CVE-2018-10376"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1450"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the \"proxyOverflow\" issue. SmartMesh ( alias SMT) Contains an integer overflow vulnerability.Information may be tampered with. SmartMesh (SMT) is a blockchain-based IoT underlying protocol that is positioned in areas such as networkless communication and networkless payment. Smart contract is one of them. \nThe \u0027transferProxy\u0027 function implemented by smart contract in SmartMesh has an integer overflow vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10376"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005006"
},
{
"db": "CNVD",
"id": "CNVD-2018-09570"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1450"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10376",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005006",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-09570",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1450",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09570"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005006"
},
{
"db": "NVD",
"id": "CVE-2018-10376"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1450"
}
]
},
"id": "VAR-201804-0713",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09570"
}
],
"trust": 1.0444444499999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09570"
}
]
},
"last_update_date": "2023-12-18T12:18:57.622000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SMT Token",
"trust": 0.8,
"url": "https://smartmesh.io/smt-token/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005006"
},
{
"db": "NVD",
"id": "CVE-2018-10376"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://peckshield.com/2018/04/25/proxyoverflow/"
},
{
"trust": 1.6,
"url": "https://dasp.co/#item-3"
},
{
"trust": 1.0,
"url": "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10376"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10376"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09570"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005006"
},
{
"db": "NVD",
"id": "CVE-2018-10376"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1450"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-09570"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005006"
},
{
"db": "NVD",
"id": "CVE-2018-10376"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1450"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09570"
},
{
"date": "2018-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005006"
},
{
"date": "2018-04-25T09:29:00.707000",
"db": "NVD",
"id": "CVE-2018-10376"
},
{
"date": "2018-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-1450"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09570"
},
{
"date": "2018-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005006"
},
{
"date": "2018-06-13T15:29:11.360000",
"db": "NVD",
"id": "CVE-2018-10376"
},
{
"date": "2018-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-1450"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-1450"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SmartMesh Integer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005006"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-1450"
}
],
"trust": 0.6
}
}
CVE-2018-10376 (GCVE-0-2018-10376)
Vulnerability from cvelistv5 – Published: 2018-04-25 09:00 – Updated: 2024-08-05 07:39
VLAI
KEVIntel
Summary
An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the "proxyOverflow" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://peckshield.com/2018/04/25/proxyOverflow/ | x_refsource_MISC |
| https://www.reddit.com/r/ethereum/comments/8esyg9… | x_refsource_MISC |
| https://dasp.co/#item-3 | x_refsource_MISC |
Date Public
2018-04-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:07.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://peckshield.com/2018/04/25/proxyOverflow/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dasp.co/#item-3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the \"proxyOverflow\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-27T03:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://peckshield.com/2018/04/25/proxyOverflow/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dasp.co/#item-3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the \"proxyOverflow\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://peckshield.com/2018/04/25/proxyOverflow/",
"refsource": "MISC",
"url": "https://peckshield.com/2018/04/25/proxyOverflow/"
},
{
"name": "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/",
"refsource": "MISC",
"url": "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/"
},
{
"name": "https://dasp.co/#item-3",
"refsource": "MISC",
"url": "https://dasp.co/#item-3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10376",
"datePublished": "2018-04-25T09:00:00.000Z",
"dateReserved": "2018-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:39:07.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10376 (GCVE-0-2018-10376)
Vulnerability from nvd – Published: 2018-04-25 09:00 – Updated: 2024-08-05 07:39
VLAI
KEVIntel
Summary
An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the "proxyOverflow" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://peckshield.com/2018/04/25/proxyOverflow/ | x_refsource_MISC |
| https://www.reddit.com/r/ethereum/comments/8esyg9… | x_refsource_MISC |
| https://dasp.co/#item-3 | x_refsource_MISC |
Date Public
2018-04-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:07.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://peckshield.com/2018/04/25/proxyOverflow/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dasp.co/#item-3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the \"proxyOverflow\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-27T03:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://peckshield.com/2018/04/25/proxyOverflow/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dasp.co/#item-3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the \"proxyOverflow\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://peckshield.com/2018/04/25/proxyOverflow/",
"refsource": "MISC",
"url": "https://peckshield.com/2018/04/25/proxyOverflow/"
},
{
"name": "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/",
"refsource": "MISC",
"url": "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/"
},
{
"name": "https://dasp.co/#item-3",
"refsource": "MISC",
"url": "https://dasp.co/#item-3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10376",
"datePublished": "2018-04-25T09:00:00.000Z",
"dateReserved": "2018-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:39:07.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}