Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2020-20178

Published: 24 May 2021

Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest version is affected by a denial of service vulnerability in the affected payout function. Once the length of this array is too long, it will result in an exception. Attackers can make attacks by creating a series of account addresses.

Notes

AuthorNote
mdeslaur 
Description refers to openldap, RedHat bug refers to this CVE
but is for ansible.
SUSE bug refers to commits from CVE-2021-27212
Not clear what this CVE applies to as of 2021-06-09
As of 2021-06-18, mitre description has switched to something
related to ethereum. Not sure what this CVE is about, but
marking it as not-affected.

Priority

Medium

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package Release Status
openldap
Launchpad, Ubuntu, Debian 		bionic Not vulnerable

focal Not vulnerable

groovy Not vulnerable

hirsute Not vulnerable

impish Not vulnerable

jammy Not vulnerable

trusty Not vulnerable

upstream Needs triage

xenial Not vulnerable

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading