CVE-2018-3972 | An exploitable code execution vulnerability exists in the Le… | CVSS 10.0 CRITICAL

Description

An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability.

Metadata

CVE ID: CVE-2018-3972
State: PUBLISHED
Assigner: talos
Reserved: 2018-01-02 00:00 UTC
Published: 2018-09-26 13:00 UTC
Last updated: 2024-09-17 00:30 UTC
Vendor / Product: https://github.com/sabelnikov / Epee
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.0

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
https://github.com/sabelnikov	Epee	—	as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700)

Weakness (CWE)

CWE	Source	Description
—	cna	remote code execution

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.0	cna	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (2)