Title: Stack based buffer overflow while parsing JSON file in Aleth C++ Ethereum client

Date: 11/01/2021

CVE-ID: CVE-2020-26800

Author: Thomas Sermpinis

Versions: <= 1.8.0

Package URL: https://github.com/ethereum/aleth

Tested on: Aleth C++ Ethereum Client 1.8.0

An attacker can supply a specially crafted config.json file consisting of 3764 or more left square brackets, which causes the application to crash with a segmentation fault. The immediate result is denial of service; with more advanced exploitation it can have further implications, including higher-severity security issues.
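One way to reject this input class before it reaches the parser, as an added example (not code from Aleth or from the advisory): an iterative pre-parse check that measures bracket nesting depth with constant stack use. The function names and the limit of 64 are assumptions, as is the premise that the crash is driven by nesting depth.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical limit chosen for this example; a real config nests only a few levels.
constexpr std::size_t kMaxJsonDepth = 64;

// Returns the maximum nesting depth of '[' / '{' in `text`, scanning
// iteratively so the check itself cannot exhaust the stack. Brackets inside
// string literals are ignored. Returns early once `limit` is exceeded.
std::size_t jsonNestingDepth(const std::string& text, std::size_t limit)
{
    std::size_t depth = 0, maxDepth = 0;
    bool inString = false, escaped = false;
    for (char c : text)
    {
        if (inString)
        {
            if (escaped) escaped = false;          // character after a backslash
            else if (c == '\\') escaped = true;
            else if (c == '"') inString = false;
            continue;
        }
        if (c == '"') inString = true;
        else if (c == '[' || c == '{')
        {
            if (++depth > maxDepth) maxDepth = depth;
            if (maxDepth > limit) return maxDepth; // no need to scan further
        }
        else if ((c == ']' || c == '}') && depth > 0) --depth;
    }
    return maxDepth;
}

// Gate to call before handing the text to a recursive JSON parser.
bool isSafeToParse(const std::string& text)
{
    return jsonNestingDepth(text, kMaxJsonDepth) <= kMaxJsonDepth;
}

int main()
{
    // Both inputs are constructed for this example.
    const std::string normal = R"({"params": {"accounts": [{"name": "a[b"}]}})";
    const std::string nested(3764, '[');  // input shape described in the advisory
    std::cout << isSafeToParse(normal) << ' ' << isSafeToParse(nested) << '\n';
    return 0;
}
```
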

Technical Report

CVE-ID (Mitre)

CVE-ID (NIST)