CVE-2018-19158 - Vulnerability Details - OpenCVE

ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Colossusxt	Colossuscoinxt

Configuration 1 [-]

cpe:2.3:a:colossusxt:colossuscoinxt:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf
https://github.com/ColossusCoinXT/ColossusCoinXT/compare/0223904...9666bb8
https://medium.com/%40dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-17T21:22:48

Updated: 2024-08-05T11:30:04.112Z

Reserved: 2018-11-10T00:00:00

Link: CVE-2018-19158

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-03-21T16:00:30.140

Modified: 2024-11-21T03:57:27.103

Link: CVE-2018-19158

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-17T21:22:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://medium.com/%40dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"}, {"tags": ["x_refsource_MISC"], "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ColossusCoinXT/ColossusCoinXT/compare/0223904...9666bb8"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19158", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806", "refsource": "MISC", "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"}, {"name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf", "refsource": "MISC", "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"}, {"name": "https://github.com/ColossusCoinXT/ColossusCoinXT/compare/0223904...9666bb8", "refsource": "CONFIRM", "url": "https://github.com/ColossusCoinXT/ColossusCoinXT/compare/0223904...9666bb8"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:30:04.112Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://medium.com/%40dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ColossusCoinXT/ColossusCoinXT/compare/0223904...9666bb8"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19158", "datePublished": "2019-03-17T21:22:48", "dateReserved": "2018-11-10T00:00:00", "dateUpdated": "2024-08-05T11:30:04.112Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:colossusxt:colossuscoinxt:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C316BE5-6BA2-49A6-B3C5-41D52A27A453", "versionEndIncluding": "1.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."}, {"lang": "es", "value": "ColossusCoinXT (una criptomoneda de prueba de participaci\u00f3n basada en chain), hasta la versi\u00f3n 1.0.5, permite una denegaci\u00f3n de servicio remota, explotable por un atacante que obtiene aunque sea una peque\u00f1a cantidad de participaciones/monedas en el sistema. El atacante env\u00eda cabeceras/bloques inv\u00e1lidos que se almacenan en el disco de la v\u00edctima."}], "id": "CVE-2018-19158", "lastModified": "2024-11-21T03:57:27.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-21T16:00:30.140", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/ColossusCoinXT/ColossusCoinXT/compare/0223904...9666bb8"}, {"source": "cve@mitre.org", "url": "https://medium.com/%40dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/ColossusCoinXT/ColossusCoinXT/compare/0223904...9666bb8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://medium.com/%40dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}