CVE-2018-18667

{"id": "CVE-2018-18667", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-12-28T17:29:00.607", "references": [{"url": "https://etherscan.io/address/0x7703c35cffdc5cda8d27aa3df2f9ba6964544b6e#code", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/klenergy/ethereum-contracts/issues/1", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value, a related issue to CVE-2018-11812."}, {"lang": "es", "value": "La funci\u00f3n mintToken de Pylon (PYLNT), tambi\u00e9n conocido como PylonToken, un token de Ethereum, tiene un desbordamiento de enteros que permite que el propietario del contrato establezca el balance de un usuario arbitrario en cualquier valor. Esto est\u00e1 relacionado con CVE-2018-11812."}], "lastModified": "2019-01-11T20:14:03.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pylon-network:pylontoken:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BB835AE-A4D2-4C12-AE83-DB20594263F7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}