CVE-2018-11687
An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- June 03, 2018
- Published Date
- August 15, 2018
- Last Updated
- August 05, 2024
- Vendor
- Bitcoin Red
- Product
- Bitcoin Red (BTCR)
- Description
- An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the "ownerUnderflow" issue.
CVSS Scores
CVSS v3.0
7.5 - HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v2.0
5.0
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Exploit Status
- Exploited in the Wild
- Yes (2018-08-15 17:00:00 UTC) Source
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CVE | 2018-08-15 17:00:00 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel