CVE-2020-20178
Publication date 24 May 2021
Last updated 24 July 2024
Ubuntu priority
Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest version is affected by a denial of service vulnerability in the affected payout function. Once the length of this array is too long, it will result in an exception. Attackers can make attacks by creating a series of account addresses.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| openldap | 22.04 LTS jammy |
Not affected
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Notes
mdeslaur
Description refers to openldap, RedHat bug refers to this CVE but is for ansible. SUSE bug refers to commits from CVE-2021-27212 Not clear what this CVE applies to as of 2021-06-09 As of 2021-06-18, mitre description has switched to something related to ethereum. Not sure what this CVE is about, but marking it as not-affected.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.5 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |