CVE-2020-24837
Last modified
CVE-2020-24837 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and subtracting one from the other can produce a result that would be negative, which leads to an underflow. EPSS estimates a 1.57% chance of exploitation in the next 30 days.
Description
An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and subtracting one from the other can produce a result that would be negative, which leads to an underflow. An attacker can somehow modify the current timestamp of the transaction and block the execution of the process function.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zcfees Project | Zcfees | All versions |
References
- https://etherscan.io/address/0x9d79c6e2a0222b9ac7bfabc447209c58fe9e0dcc#code (Patch, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
