#VU12285 Integer overflow in Useless Ethereum Token - CVE-2018-10468

 


Published: April 28, 2018 / Updated: April 29, 2018


Vulnerability identifier: #VU12285
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2018-10468
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software:
Useless Ethereum Token
Software vendor:
Useless Ethereum Token

Description

The vulnerability allows a remote attacker to steal digital assets.

The vulnerability exists due to integer overflow within the transferFrom() function of a smart contract implementation for Useless Ethereum Token (UET). A remote attacker can steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect.

The vulnerability was dubbed "transferFlaw" and was exploited in the wild in December 2017.
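
An added example, not code from the UET contract or from this advisory: a Python model of EVM uint256 arithmetic showing how unchecked operations wrap (the CWE-190 condition), next to a hardened transferFrom whose guards compare operands directly instead of trusting a result that may already have wrapped. All function names, account labels and balances are constructed for illustration.

```python
# Added illustration: models uint256 behaviour in Python; not the UET contract.
UINT256_MAX = 2**256 - 1


def wrap_add(a, b):
    """uint256 addition as the EVM performs it: silently reduced mod 2**256."""
    return (a + b) & UINT256_MAX


def wrap_sub(a, b):
    """uint256 subtraction as the EVM performs it: wraps around below zero."""
    return (a - b) & UINT256_MAX


def transfer_from_checked(balances, allowed, spender, src, dst, value):
    """Hypothetical hardened transferFrom. Each guard is a direct comparison
    made before any arithmetic, so a wrapped sum can never satisfy it."""
    if not 0 < value <= UINT256_MAX:
        return False
    if value > balances.get(src, 0):            # would underflow the source
        return False
    if value > allowed.get((src, spender), 0):  # exceeds the approved amount
        return False
    if src != dst and value > UINT256_MAX - balances.get(dst, 0):
        return False                            # would overflow the recipient
    balances[src] -= value
    balances[dst] = balances.get(dst, 0) + value
    allowed[(src, spender)] -= value
    return True


def total_supply(balances):
    """Invariant to monitor: a transfer must never change the sum of balances."""
    return sum(balances.values())


def demo():
    balances = {"victim": 1000, "attacker": 5}  # constructed sample state
    allowed = {}                                # victim approved nobody
    huge = UINT256_MAX - 4                      # oversized _value
    # With wrapping arithmetic 5 + huge comes out as 0, which is why a guard
    # phrased as "recipient balance + _value" cannot be relied on.
    wrapped = wrap_add(balances["attacker"], huge)
    ok = transfer_from_checked(balances, allowed,
                               "attacker", "victim", "attacker", huge)
    return wrapped, ok, total_supply(balances)


if __name__ == "__main__":
    print(demo())
```

Solidity 0.8.0 and later revert on overflow and underflow by default; contracts built with earlier compilers need explicit checks of this kind.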


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
