Talos is disclosing multiple vulnerabilities in the CPP-Ethereum and Parity Ethereum clients.

TALOS-2017-003 / CVE-2017-1447 describes a denial of service vulnerability and potential memory leak in libevm. The affected function is not enabled in the default build, so this vulnerability affects only nodes whose operators manually enabled it at build time.

TALOS-2017-0508 / CVE-2017-14460 is an overly permissive cross-domain (CORS) whitelist policy vulnerability in the Ethereum Parity client. Because the whitelist lets web pages from other origins read the client's responses, it can leak sensitive information about existing accounts, Parity settings and network configuration, and can also allow modification of accounts and Parity settings, if certain APIs have been turned on.
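The following is an added illustration of the CORS problem, not Parity's own code. It models the server-side origin check and the browser's rule for releasing a cross-origin response, contrasting a policy that reflects any Origin with an exact-match whitelist. The policy objects, the local UI origins, the attacker origin and the sample account list are all constructed for the demo.

```javascript
// Added illustration, not Parity's code: how an over-permissive CORS
// whitelist lets any web page read a local JSON-RPC node's responses,
// and what an exact-match whitelist looks like instead.

// Constructed policies for the demo. The weak one reflects whatever Origin the
// browser sends, which is equivalent to allowing every site on the internet.
const WEAK_POLICY = { reflectAnyOrigin: true, origins: [] };
const STRICT_POLICY = {
  reflectAnyOrigin: false,
  origins: ['http://127.0.0.1:8180', 'http://localhost:8180'], // assumed local UI origins
};

// Value for Access-Control-Allow-Origin, or null to send no header (which makes
// the browser withhold the response body from the calling page). Origins are
// compared as whole strings (scheme + host + port): prefix or substring matching
// is the classic mistake, because "http://localhost.attacker.example" would then
// match a whitelist entry for "http://localhost".
function allowOrigin(policy, requestOrigin) {
  if (typeof requestOrigin !== 'string' || requestOrigin === '') return null;
  if (policy.reflectAnyOrigin) return requestOrigin;
  return policy.origins.includes(requestOrigin) ? requestOrigin : null;
}

// Browser-side model: a page served from `pageOrigin` issues a cross-origin
// JSON-RPC request. The browser releases the response to the page's script
// only when the header echoes the page's own origin exactly (or is "*").
function pageCanReadResponse(policy, pageOrigin) {
  const header = allowOrigin(policy, pageOrigin);
  return header === '*' || header === pageOrigin;
}

// What an attacker page gets once the response is readable: the result of a
// method that returns account data. `rpcResult` stands in for the node's reply.
function crossOriginProbe(policy, pageOrigin, rpcResult) {
  return pageCanReadResponse(policy, pageOrigin) ? rpcResult : null;
}

// Demo with constructed data (the address below is made up).
const ATTACKER_PAGE = 'http://evil.example';
const SAMPLE_ACCOUNTS = ['0xc0ffee254729296a45a3885639ac7e10f9d54979'];
console.log(crossOriginProbe(WEAK_POLICY, ATTACKER_PAGE, SAMPLE_ACCOUNTS));   // account list leaks
console.log(crossOriginProbe(STRICT_POLICY, ATTACKER_PAGE, SAMPLE_ACCOUNTS)); // null
```

The check to apply to a real configuration is the same one `allowOrigin` performs: every whitelist entry must be a full origin, and an unknown Origin must produce no `Access-Control-Allow-Origin` header at all rather than an echoed one.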

In addition, TALOS-2017-0464 – TALOS-2017-0471 / CVE-2017-112 – CVE-2017-119 describe multiple authorization bypass vulnerabilities that an attacker could use, without any credentials, to reach functionality reserved for users with administrative privileges.

Finally, Talos found TALOS-2017-0471 / CVE-2017-12119, another denial of service vulnerability, this one in the CPP-Ethereum JSON-RPC implementation. A specially crafted JSON request causes an unhandled exception, resulting in a denial of service.
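The two classes of CPP-Ethereum finding above, administrative functionality reachable without credentials and a crafted request that raises an unhandled exception, share a defensive pattern. The following is an added example, not cpp-ethereum's own code: a minimal JSON-RPC 2.0 dispatcher that checks a method's declared privilege before dispatching it and converts every malformed body into a JSON-RPC error object instead of letting an exception escape. The method names, the session token and the privilege table are assumptions made for the demo.

```javascript
// Added example, not cpp-ethereum's code: a minimal JSON-RPC 2.0 dispatcher
// that gates admin methods on the method's declared privilege (not on the
// caller's good behaviour) and converts every malformed request into a
// JSON-RPC error object, so a crafted body cannot raise an exception that
// escapes the handler and takes the node down.

// Constructed admin session token; a real node would look this up in a
// server-side session store, not a hard-coded string.
const ADMIN_SESSION = 'session-token-123';

// Method table. `admin: true` marks functionality reserved for administrators.
// Method names and return values are assumptions for the demo.
const METHODS = {
  eth_blockNumber: { admin: false, fn: () => '0x10' },
  admin_addPeer: {
    admin: true,
    fn: (params) => {
      const enode = Array.isArray(params) ? params[0] : params.enode;
      if (typeof enode !== 'string') throw new TypeError('enode must be a string');
      return true;
    },
  },
  admin_setMining: {
    admin: true,
    fn: (params) => {
      const on = Array.isArray(params) ? params[0] : params.on;
      if (typeof on !== 'boolean') throw new TypeError('flag must be a boolean');
      return on;
    },
  },
};

// JSON-RPC 2.0 error codes (the -32000 range is reserved for server-defined errors).
const PARSE_ERROR = -32700;
const INVALID_REQUEST = -32600;
const METHOD_NOT_FOUND = -32601;
const INVALID_PARAMS = -32602;
const UNAUTHORIZED = -32000;

function errorResponse(id, code, message) {
  return { jsonrpc: '2.0', id, error: { code, message } };
}

// Handle one raw request body from a client that presented `session`
// (e.g. a cookie or header value; undefined when it sent none).
// Every failure path returns a response object; nothing throws.
function handle(rawBody, session) {
  let req;
  try {
    req = JSON.parse(rawBody);
  } catch (e) {
    return errorResponse(null, PARSE_ERROR, 'Parse error');
  }
  // Shape checks before anything touches the fields: a crafted body may be
  // null, an array, a number, or an object with the wrong types inside.
  if (req === null || typeof req !== 'object' || Array.isArray(req) || typeof req.method !== 'string') {
    return errorResponse(null, INVALID_REQUEST, 'Invalid Request');
  }
  const id = typeof req.id === 'string' || typeof req.id === 'number' ? req.id : null;
  const params = req.params === undefined ? [] : req.params;
  if (params === null || typeof params !== 'object') {
    return errorResponse(id, INVALID_PARAMS, 'Invalid params');
  }
  // hasOwnProperty guard: a plain `METHODS[req.method]` would resolve
  // "constructor" or "__proto__" to inherited Object properties.
  const entry = Object.prototype.hasOwnProperty.call(METHODS, req.method) ? METHODS[req.method] : undefined;
  if (!entry) return errorResponse(id, METHOD_NOT_FOUND, 'Method not found');
  // The authorization check lives here, before dispatch, keyed on the method
  // table's privilege flag, so no admin method is reachable without a session.
  if (entry.admin && session !== ADMIN_SESSION) {
    return errorResponse(id, UNAUTHORIZED, 'Unauthorized');
  }
  try {
    return { jsonrpc: '2.0', id, result: entry.fn(params) };
  } catch (e) {
    // Handler-level type errors become an error response, not a crash.
    return errorResponse(id, INVALID_PARAMS, e.message);
  }
}

// Demo with constructed requests: an unauthenticated admin call, then a
// body that is valid JSON but not a valid request object.
console.log(handle('{"jsonrpc":"2.0","id":1,"method":"admin_addPeer","params":["enode://abc@127.0.0.1:30303"]}', undefined));
console.log(handle('[1,2]', ADMIN_SESSION));
```

The two properties worth testing in any JSON-RPC server are the ones this block encodes: no request body of any shape can make `handle` throw, and no method marked administrative can return a `result` unless the authorization check passed.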


