CVE-2018-13877

{"id": "CVE-2018-13877", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-08-06T20:29:01.443", "references": [{"url": "https://medium.com/coinmonks/denial-of-service-dos-attack-on-megacryptopolis-an-ethereum-game-cve-2018-13877-cdd7f7ef8b08", "tags": ["Broken Link"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. If a smart contract that has a fallback function always causing exceptions buys a land, users cannot buy lands near that contract's land, because those purchase attempts will not be completed unless the doPayouts() function successfully sends Ether to certain neighbors."}, {"lang": "es", "value": "La funci\u00f3n doPayouts() de la implementaci\u00f3n de contrato inteligente para MegaCryptoPolis, un juego de Ethereum, tiene una vulnerabilidad de denegaci\u00f3n de servicio. Si un contrato inteligente que tiene una funci\u00f3n fallbackque siempre provoca excepciones compra una tierra, los usuarios no pueden comprar tierras cerca de la tierra de ese contrato, ya que esos intentos de compra no se completar\u00e1n a no ser que la funci\u00f3n doPayouts() env\u00ede Ether a ciertos vecinos."}], "lastModified": "2018-10-16T16:28:59.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:megacryptopolis:megacryptopolis:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B6EDDF5-03F8-40C3-89F5-EE6C87A2229A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}