CVE-2018-16733
published 2018-09-08CVE-2018-16733: In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.
PriorityP433high7.5CVSS 3.0
AVNACLPRNUINSUCNIHAN
EPSS
1.25%
65.7th percentile
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ethereum | go_ethereum | < 1.8.14 | 1.8.14 |
| github.com | ethereum_go-ethereum | >= 0 < 1.8.14 | 1.8.14 |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Go Ethereum Improper Input Validation in github.com/ethereum/go-ethereum
osv·2024-08-21
CVE-2018-16733 Go Ethereum Improper Input Validation in github.com/ethereum/go-ethereum
Go Ethereum Improper Input Validation in github.com/ethereum/go-ethereum
Go Ethereum Improper Input Validation in github.com/ethereum/go-ethereum
GHSA
Go Ethereum Improper Input Validation
ghsa·2021-05-18
CVE-2018-16733 [HIGH] CWE-20 Go Ethereum Improper Input Validation
Go Ethereum Improper Input Validation
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.
### Specific Go Packages Affected
github.com/ethereum/go-ethereum/eth
OSV
Go Ethereum Improper Input Validation
osv·2021-05-18
CVE-2018-16733 [HIGH] Go Ethereum Improper Input Validation
Go Ethereum Improper Input Validation
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.
### Specific Go Packages Affected
github.com/ethereum/go-ethereum/eth
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-09-08
Published