CVE-2018-18206 — Panic in github.com/bytom/bytom

Description

A malformed query can cause an out-of-bounds panic due to improper validation of arguments. If processing queries from untrusted parties, this may be used as a vector for denial of service attacks.

How to fix CVE-2018-18206

To remediate CVE-2018-18206, upgrade the affected package to a fixed version below.

Go/github.com/bytom/bytom—upgrade to 1.0.6 or later
—upgrade to 1.0.4-0.20180831054840-1ac3c8ac4f2b or later

Is CVE-2018-18206 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 1.0.6
from 0, < 1.0.4-0.20180831054840-1ac3c8ac4f2b

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-18206
PATCHgithub.com/Bytom/bytom
WEBgithub.com/Bytom/bytom/commit/1ac3c8ac4f2b1e1df9675228290bda6b9586ba42
WEBgithub.com/Bytom/bytom/pull/1307
WEBpkg.go.dev