Improper input validation in Simpleledger Slp-validate
CVE-2019-16761
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slp-validate@1.0.0 npm package. An attacker could create a specially crafted Bitcoin script in order to c…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.004 (59.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.7 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H.
Affected products
- Simpleledger Slp-validate — versions 1.0.0
Weakness classification (CWE)
References
- github.com/simpleledger/slp-validate/security/advisories/GHSA-wmx6-vxcf-c3gr (x_refsource_CONFIRM)
- github.com/simpleledger/slp-validate/commit/50ad96c2798dad6b9f9a13333dd05232def… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-16761?
- CVE-2019-16761 is a medium-severity vulnerability in Simpleledger Slp-validate, classified under Improper Input Validation. CVSS score: 5.7/10. Published 2019-11-15.
- How severe is CVE-2019-16761?
- Medium severity. CVSS v3 base score is 5.7 out of 10.