CVE-2018-19158
HIGHColossusCoinXT <= 1.0.5 - Denial of Service via Invalid Block Headers
Title source: llmDescription
ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
https://medium.com/%40dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806
Technical Description, Third Party Advisory x_refsource_misc
http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf
Patch x_refsource_confirm
https://github.com/ColossusCoinXT/ColossusCoinXT/compare/0223904...9666bb8
Scores
CVSS v3
7.5
EPSS
0.0260
EPSS Percentile
83.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (1)
colossusxt/colossuscoinxt
< 1.0.5
Published
Mar 21, 2019
Tracked Since
Feb 18, 2026