Vulnerability Details CVE-2019-16762
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any version >= 0.21.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.4%
CVSS Severity
CVSS v3 Score 5.7
CVSS v2 Score 4.9
References
- https://github.com/simpleledger/slpjs/commit/ac8809b42e47790a6f0205991b36f2699ed10c84#diff-fe58606994c412ba56a65141a7aa4a62L701
- https://github.com/simpleledger/slpjs/security/advisories/GHSA-425c-ccf3-3jrr
- https://github.com/simpleledger/slpjs/commit/ac8809b42e47790a6f0205991b36f2699ed10c84#diff-fe58606994c412ba56a65141a7aa4a62L701
- https://github.com/simpleledger/slpjs/security/advisories/GHSA-425c-ccf3-3jrr
Products affected by CVE-2019-16762
-
cpe:2.3:a:simpleledger:slpjs:-
-
cpe:2.3:a:simpleledger:slpjs:0.10.2
-
cpe:2.3:a:simpleledger:slpjs:0.10.4
-
cpe:2.3:a:simpleledger:slpjs:0.10.5
-
cpe:2.3:a:simpleledger:slpjs:0.11.2
-
cpe:2.3:a:simpleledger:slpjs:0.11.3
-
cpe:2.3:a:simpleledger:slpjs:0.11.4
-
cpe:2.3:a:simpleledger:slpjs:0.12.2
-
cpe:2.3:a:simpleledger:slpjs:0.14.0
-
cpe:2.3:a:simpleledger:slpjs:0.15.13
-
cpe:2.3:a:simpleledger:slpjs:0.15.3
-
cpe:2.3:a:simpleledger:slpjs:0.16.0
-
cpe:2.3:a:simpleledger:slpjs:0.16.1
-
cpe:2.3:a:simpleledger:slpjs:0.16.2
-
cpe:2.3:a:simpleledger:slpjs:0.16.3
-
cpe:2.3:a:simpleledger:slpjs:0.17.0
-
cpe:2.3:a:simpleledger:slpjs:0.18.0
-
cpe:2.3:a:simpleledger:slpjs:0.18.2
-
cpe:2.3:a:simpleledger:slpjs:0.18.4
-
cpe:2.3:a:simpleledger:slpjs:0.21.1