|Number of vulnerabilities||1|
|CVE ID|| CVE-2018-10376
|CWE ID|| CWE-190
|Public exploit||This vulnerability is being exploited in the wild.|
SmartMesh ERC20 token
Client/Desktop applications / Other client software
|Vendor||SmartMesh Foundation Pte. Ltd.|
This security advisory describes one high risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a remote attacker to manipulate digital assets.
The vulnerability exists due to integer overflow in a smart contract implementation for SmartMesh (aka SMT) within Ethereum ERC20 token. A remote unauthenticated attacker can increase digital assets via crafted _fee and _value parameter.
Note: the vulnerability was actively exploited in April 2018 and was dubbed "proxyOverflow".Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
SmartMesh ERC20 token: All versionsCPE
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.