CVE-2020-24837 - CERT CVE
ID CVE-2020-24837
Sažetak An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function.
Reference
CVSS
Base: 5.0
Impact: 2.9
Exploitability:10.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
NONE PARTIAL NONE
CVSS vektor AV:N/AC:L/Au:N/C:N/I:P/A:N
Zadnje važnije ažuriranje 17-02-2021 - 13:38
Objavljeno 10-02-2021 - 16:15