CVE-2018-19183

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-19183

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19183.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-19183

Aliases

GHSA-2mw7-wggm-m6w3

Published

2018-11-12T02:29:00.327Z

Modified

2026-04-10T04:08:47.967566Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered from high-level source code, leading to a normal programmatic execution result.

References

Affected packages

Git / github.com/ethereumjs/ethereumjs-vm

Affected ranges

Type

GIT

Repo

https://github.com/ethereumjs/ethereumjs-vm

Events

Introduced

Last affected

7330c4ace495903748c606a47a8b993812504db8

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0"
        }
    ]
}

Affected versions

@ethereumjs/block@3.*

@ethereumjs/block@3.0.0

@ethereumjs/block@3.0.0-beta.1

@ethereumjs/block@3.0.0-beta.2

@ethereumjs/block@3.0.0-rc.1

@ethereumjs/block@3.1.0

@ethereumjs/block@3.2.0

@ethereumjs/block@3.2.1

@ethereumjs/block@3.3.0

@ethereumjs/block@3.4.0

@ethereumjs/block@3.5.0

@ethereumjs/block@3.5.1

@ethereumjs/block@3.6.0

@ethereumjs/block@3.6.1

@ethereumjs/block@3.6.2

@ethereumjs/blockchain@5.*

@ethereumjs/blockchain@5.0.0

@ethereumjs/blockchain@5.0.0-beta.1

@ethereumjs/blockchain@5.0.0-beta.2

@ethereumjs/blockchain@5.0.0-rc.1

@ethereumjs/blockchain@5.1.0

@ethereumjs/blockchain@5.2.0

@ethereumjs/blockchain@5.2.1

@ethereumjs/blockchain@5.3.0

@ethereumjs/blockchain@5.3.1

@ethereumjs/blockchain@5.4.0

@ethereumjs/blockchain@5.4.1

@ethereumjs/blockchain@5.4.2

@ethereumjs/blockchain@5.5.0

@ethereumjs/blockchain@5.5.1

@ethereumjs/blockchain@5.5.2

@ethereumjs/client@0.*

@ethereumjs/client@0.1.0

@ethereumjs/client@0.2.0

@ethereumjs/client@0.3.0

@ethereumjs/client@0.4.0

@ethereumjs/common@1.*

@ethereumjs/common@1.5.1

@ethereumjs/common@2.*

@ethereumjs/common@2.0.0

@ethereumjs/common@2.0.0-beta.1

@ethereumjs/common@2.0.0-beta.2

@ethereumjs/common@2.0.0-rc.1

@ethereumjs/common@2.1.0

@ethereumjs/common@2.2.0

@ethereumjs/common@2.3.0

@ethereumjs/common@2.3.1

@ethereumjs/common@2.4.0

@ethereumjs/common@2.5.0

@ethereumjs/common@2.6.0

@ethereumjs/common@2.6.1

@ethereumjs/common@2.6.2

@ethereumjs/common@2.6.3

@ethereumjs/devp2p@4.*

@ethereumjs/devp2p@4.0.0

@ethereumjs/devp2p@4.1.0

@ethereumjs/devp2p@4.2.0

@ethereumjs/devp2p@4.2.1

@ethereumjs/ethash@1.*

@ethereumjs/ethash@1.0.0

@ethereumjs/ethash@1.0.0-beta.1

@ethereumjs/ethash@1.0.0-rc.1

@ethereumjs/ethash@1.1.0

@ethereumjs/tx@3.*

@ethereumjs/tx@3.0.0

@ethereumjs/tx@3.0.0-beta.1

@ethereumjs/tx@3.0.0-beta.2

@ethereumjs/tx@3.0.0-rc.1

@ethereumjs/tx@3.0.1

@ethereumjs/tx@3.0.2

@ethereumjs/tx@3.1.0

@ethereumjs/tx@3.1.1

@ethereumjs/tx@3.1.2

@ethereumjs/tx@3.1.3

@ethereumjs/tx@3.1.4

@ethereumjs/tx@3.2.0

@ethereumjs/tx@3.2.1

@ethereumjs/tx@3.3.0

@ethereumjs/tx@3.3.1

@ethereumjs/tx@3.3.2

@ethereumjs/tx@3.4.0

@ethereumjs/tx@3.5.0

@ethereumjs/tx@3.5.1

@ethereumjs/vm@1.*

@ethereumjs/vm@1.0.0

@ethereumjs/vm@1.0.3

@ethereumjs/vm@1.2.0

@ethereumjs/vm@1.2.1

@ethereumjs/vm@1.3.0

@ethereumjs/vm@1.4.0

@ethereumjs/vm@2.*

@ethereumjs/vm@2.0.0

@ethereumjs/vm@2.0.1

@ethereumjs/vm@2.1.0

@ethereumjs/vm@2.2.0

@ethereumjs/vm@2.2.1

@ethereumjs/vm@2.2.2

@ethereumjs/vm@2.3.1

@ethereumjs/vm@2.3.2

@ethereumjs/vm@2.3.3

@ethereumjs/vm@2.3.4

@ethereumjs/vm@2.3.5

@ethereumjs/vm@2.4.0

@ethereumjs/vm@2.5.0

@ethereumjs/vm@2.5.1

@ethereumjs/vm@2.6.0

@ethereumjs/vm@3.*

@ethereumjs/vm@3.0.0

@ethereumjs/vm@4.*

@ethereumjs/vm@4.0.0

@ethereumjs/vm@4.0.0-beta.1

@ethereumjs/vm@4.1.0

@ethereumjs/vm@4.1.1

@ethereumjs/vm@4.1.2

@ethereumjs/vm@4.1.3

@ethereumjs/vm@5.*

@ethereumjs/vm@5.0.0

@ethereumjs/vm@5.0.0-beta.1

@ethereumjs/vm@5.0.0-beta.2

@ethereumjs/vm@5.0.0-rc.1

@ethereumjs/vm@5.1.0

@ethereumjs/vm@5.2.0

@ethereumjs/vm@5.3.0

@ethereumjs/vm@5.3.1

@ethereumjs/vm@5.4.0

@ethereumjs/vm@5.4.1

@ethereumjs/vm@5.5.0

@ethereumjs/vm@5.5.1

@ethereumjs/vm@5.5.2

@ethereumjs/vm@5.5.3

@ethereumjs/vm@5.6.0

@ethereumjs/vm@5.7.0

@ethereumjs/vm@5.7.1

@ethereumjs/vm@5.8.0

ethereumjs-util@7.*

ethereumjs-util@7.0.10

ethereumjs-util@7.1.0

ethereumjs-util@7.1.1

ethereumjs-util@7.1.2

ethereumjs-util@7.1.3

ethereumjs-util@7.1.4

merkle-patricia-tree@4.*

merkle-patricia-tree@4.1.0

merkle-patricia-tree@4.2.0

merkle-patricia-tree@4.2.1

merkle-patricia-tree@4.2.2

merkle-patricia-tree@4.2.3

merkle-patricia-tree@4.2.4

rlp@3.*

rlp@3.0.0

v2.*

v2.3.1

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.4.0

v2.5.0

v2.5.1

v2.6.0

v3.*

v3.0.0

v4.*

v4.0.0

v4.0.0-beta.1

v4.1.0

v4.1.1

v4.1.2

v4.1.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19183.json"