CVE-2018-6353

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-6353

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6353.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-6353

Published

2018-01-27T15:29:00Z

Modified

2025-01-14T07:35:48.227370Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022.

References

Affected packages

Debian:11 / electrum

Package

Name: electrum
Purl: pkg:deb/debian/electrum?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.3-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / electrum

Package

Name: electrum
Purl: pkg:deb/debian/electrum?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.3-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / electrum

Package

Name: electrum
Purl: pkg:deb/debian/electrum?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.3-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/spesmilo/electrum

Affected ranges

Type: GIT
Repo: https://github.com/spesmilo/electrum
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2774126db6c258807d95921936eb13af07047d97

Last affected

a9973ce6ab60c21e8d074b1f0727d5dfc8ea7229

Last affected

b4e43754e0f60d8438b5fd412de816a466344401

Last affected

c26cc844f5dd3a91452dd84568dcacfec23679e2

Last affected

d599f11cceb0b74d092befff019097d0f0d3f2ac

Last affected

e9191caf3912066d3660becc11cab9c11ea17ba2

Affected versions

0.*

0.56

0.57

0.57a

0.57b

0.57c

0.58

0.59

0.59a

0.59b

0.60

0.61-r1

0.61b

1.*

1.1

1.2

1.3

1.5

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.6.0

1.6.1

1.6.2

1.7

1.7.1

1.7.2

1.7.3

1.7.4

1.7rc0

1.8

1.8.1

1.9

1.9.1

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

1.9.8

2.*

2.0

2.0-beta

2.0.1

2.0.2

2.0.3

2.0.4

2.0b2

2.0b3

2.1

2.1.1

2.2

2.3

2.3.1

2.3.2

2.3.3

2.4

2.4.1

2.4.2

2.4.3

2.5

2.5.1

2.5.2

2.5.3

2.5.4

2.6

2.6.1

2.6.2

2.6.3

2.6.4

2.7.0

2.7.1

2.7.10

2.7.11

2.7.12

2.7.13

2.7.14

2.7.15

2.7.16

2.7.17

2.7.18

2.7.2

2.7.3

2.7.4

2.7.5

2.7.6

2.7.7

2.7.8

2.7.9

2.8.0

2.8.1

2.8.2

2.9.0

2.9.1

2.9.2

2.9.3

2.9.4

3.*

3.0.0

Other

seed_v10

seed_v5

seed_v7

seed_v8

seed_v9