CVE-2018-16733Improper Input Validation in Ethereum Go-ethereum

CWE-20Improper Input ValidationCWE-1288Improper Validation of Consistency within Input6 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 53.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Github.com Ethereum Go-ethereumEthereum GO Ethereum
Timeline
PublishedSep 8
Latest updateAug 21

Description

In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDethereum/go_ethereum< 1.8.14

🔴Vulnerability Details

4
OSV
Go Ethereum Improper Input Validation in github.com/ethereum/go-ethereum2024-08-21
GHSA
Go Ethereum Improper Input Validation2021-05-18
OSV
Go Ethereum Improper Input Validation2021-05-18
CVEList
CVE-2018-16733: In Go Ethereum (aka geth) before 12018-09-08

📐Framework References

1
CWE
Improper Validation of Consistency within Input
CVE-2018-16733 — Improper Input Validation | cvebase