CVE-2018-19158

{"id": "CVE-2018-19158", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-03-21T16:00:30.140", "references": [{"url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf", "tags": ["Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/ColossusCoinXT/ColossusCoinXT/compare/0223904...9666bb8", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://medium.com/%40dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."}, {"lang": "es", "value": "ColossusCoinXT (una criptomoneda de prueba de participaci\u00f3n basada en chain), hasta la versi\u00f3n 1.0.5, permite una denegaci\u00f3n de servicio remota, explotable por un atacante que obtiene aunque sea una peque\u00f1a cantidad de participaciones/monedas en el sistema. El atacante env\u00eda cabeceras/bloques inv\u00e1lidos que se almacenan en el disco de la v\u00edctima."}], "lastModified": "2023-11-07T02:55:25.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:colossusxt:colossuscoinxt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C316BE5-6BA2-49A6-B3C5-41D52A27A453", "versionEndIncluding": "1.0.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}