A vulnerability was found in ViaBTC Exchange Server (unknown version). It has been rated as critical. Affected by this issue is an unknown code block of the file utils/ut_ws_svr.c. The manipulation with an unknown input leads to a integer overflow vulnerability. Using CWE to declare the problem leads to CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. Impacted is confidentiality, integrity, and availability. CVE summarizes:

utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.

The bug was discovered 08/09/2018. The weakness was shared 09/26/2018 (Website). The advisory is available at github.com. This vulnerability is handled as CVE-2018-17570 since 09/26/2018. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details are known, but there is no available exploit.

The vulnerability was handled as a non-public zero-day exploit for at least 12 days. During that time the estimated underground price was around $0-$5k.

Upgrading eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

The entries 124513 and 124512 are related to this item.

Productinfo

Vendor

• ViaBTC

Name

• Exchange Server

License

• open-source

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion