CVE-2018-19183

HIGH

ethereumjs-vm 2.4.0 - Denial of Service via Code Buffer Handling

Description

ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered from high-level source code, leading to a normal programmatic execution result.

Scores

CVSS v3 7.5
EPSS 0.0310
EPSS Percentile 86.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE CWE-119
Status published
Products (2)
ethereumjs-vm_project/ethereumjs-vm 2.4.0
npm/ethereumjs-vm 0npm
Published Nov 12, 2018
Tracked Since Feb 18, 2026