CVE-2018-14003 - OpenCVE

An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Wmctoken Project	Wmctoken

Configuration 1 [-]

cpe:2.3:a:wmctoken_project:wmctoken:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/VenusADLab/EtherTokens/blob/master/SHARKTECH/SHARKTECH.md	Exploit Third Party Advisory
https://github.com/VenusADLab/EtherTokens/tree/master/WeMediaChain%28WMC%29

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-07-12T15:00:00

Updated: 2018-07-12T15:57:01

Reserved: 2018-07-12T00:00:00

Link: CVE-2018-14003

JSON object: View

NVD Information

Status : Modified

Published: 2018-07-12T15:29:00.373

Modified: 2023-11-07T02:52:53.467

Link: CVE-2018-14003

JSON object: View

Redhat Information

No data.

CWE

CWE-190

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-07-12T00:00:00", "descriptions": [{"lang": "en", "value": "An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-12T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/VenusADLab/EtherTokens/blob/master/SHARKTECH/SHARKTECH.md"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/VenusADLab/EtherTokens/tree/master/WeMediaChain%28WMC%29"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14003", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/VenusADLab/EtherTokens/blob/master/SHARKTECH/SHARKTECH.md", "refsource": "MISC", "url": "https://github.com/VenusADLab/EtherTokens/blob/master/SHARKTECH/SHARKTECH.md"}, {"name": "https://github.com/VenusADLab/EtherTokens/tree/master/WeMediaChain(WMC)", "refsource": "MISC", "url": "https://github.com/VenusADLab/EtherTokens/tree/master/WeMediaChain(WMC)"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14003", "datePublished": "2018-07-12T15:00:00", "dateReserved": "2018-07-12T00:00:00", "dateUpdated": "2018-07-12T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wmctoken_project:wmctoken:-:*:*:*:*:*:*:*", "matchCriteriaId": "D343DF23-71F4-41AF-A46E-29BA818FE80C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de enteros en la funci\u00f3n batchTransfer de WeMediaChain (WMC), un token de contrato inteligente de Ethereum. Un atacante podr\u00eda emplearla para asignar el balance de cualquier usuario."}], "id": "CVE-2018-14003", "lastModified": "2023-11-07T02:52:53.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-12T15:29:00.373", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/VenusADLab/EtherTokens/blob/master/SHARKTECH/SHARKTECH.md"}, {"source": "cve@mitre.org", "url": "https://github.com/VenusADLab/EtherTokens/tree/master/WeMediaChain%28WMC%29"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}