Integer overflow in netkilleradvancedtokenairdrop - CVE-2018-13761
Published: July 9, 2018 / Updated: August 8, 2020
Vulnerability identifier: #VU36936
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-13761
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: netkilleradvancedtokenairdrop project
Affected software:
netkilleradvancedtokenairdrop
netkilleradvancedtokenairdrop
Detailed vulnerability description
The vulnerability allows a remote attacker to manipulate contract balance.
The vulnerability exists in mintToken function of a smart contract implementation for NetkillerAdvancedTokenAirDrop that is an implementation of the Ethereum token. Successful exploitation of the vulnerability may allow the owner of the contract to set the balance of an arbitrary user to any value.
How to mitigate CVE-2018-13761
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.