Fortinet Discovers EOS WASMSDK Buffer Overflow Vulnerability
Fortinet's FortiGuard Labs has discovered a Buffer Overflow vulnerability in EOS Blockchain WASMSDK.
EOS.IO is a blockchain protocol powered by the native cryptocurrency EOS. The protocol emulates most of the attributes of a real computer, including hardware (CPUs and GPUs for processing, local/RAM memory, hard-disk storage), with the computing resources distributed equally among EOS cryptocurrency holders. EOSIO operates as a smart contract platform and decentralized operating system intended for the deployment of industrial-scale decentralized applications through a decentralized autonomous corporation model. The smart contract platform claims to eliminate transaction fees and to conduct millions of transactions per second.
A Buffer Overflow vulnerability has been discovered in EOS Blockchain WASMSDK. The vulnerability is triggered by a crafted wasm file that causes an out-of-bounds memory access. It could allow malicious users to create code execution scenarios.
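The advisory does not say which field of the crafted file triggers the out-of-bounds access. The C code below is an added example, not EOS or Fortinet code: it shows the general defensive check for this class of bug, walking a wasm module's section table and rejecting any declared section size that exceeds the bytes actually present. The function names and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode an unsigned LEB128 u32 at buf[*pos] without reading past len.
   Returns 0 on success, -1 on truncated or over-long encodings. */
static int read_u32_leb(const uint8_t *buf, size_t len, size_t *pos, uint32_t *out)
{
    uint32_t value = 0;
    for (unsigned shift = 0; shift < 35; shift += 7) {
        if (*pos >= len) return -1;                  /* input ends mid-number */
        uint8_t byte = buf[(*pos)++];
        if (shift == 28 && (byte & 0xF0)) return -1; /* would not fit in 32 bits */
        value |= (uint32_t)(byte & 0x7F) << shift;
        if (!(byte & 0x80)) { *out = value; return 0; }
    }
    return -1;
}

/* Check the 8-byte wasm header, then walk each section (1-byte id, LEB128 size,
   payload). Returns the section count, or -1 if any size overruns the buffer. */
int wasm_validate_sections(const uint8_t *buf, size_t len)
{
    static const uint8_t header[8] = {0x00, 'a', 's', 'm', 0x01, 0x00, 0x00, 0x00};
    if (len < sizeof header || memcmp(buf, header, sizeof header) != 0)
        return -1;
    size_t pos = sizeof header;
    int count = 0;
    while (pos < len) {
        uint32_t size;
        pos++;                                       /* section id byte */
        if (read_u32_leb(buf, len, &pos, &size) != 0) return -1;
        if (size > len - pos) return -1;             /* compare to bytes left; pos + size could wrap */
        pos += size;
        count++;
    }
    return count;
}

/* Constructed samples: a one-section module, and one declaring a 4 GiB section. */
static const uint8_t sample_ok[] = {0, 'a', 's', 'm', 1, 0, 0, 0, 1, 4, 1, 0x60, 0, 0};
static const uint8_t sample_crafted[] = {0, 'a', 's', 'm', 1, 0, 0, 0, 1, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F, 1, 0x60};

int main(void)
{
    printf("ok: %d\n", wasm_validate_sections(sample_ok, sizeof sample_ok));
    printf("crafted: %d\n", wasm_validate_sections(sample_crafted, sizeof sample_crafted));
    return 0;
}
```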
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Mar 13, 2019
Users should apply the solution provided by EOS Blockchain.
Fortinet reported the vulnerability to EOS on August 06, 2018.
EOS confirmed the vulnerability on August 07, 2018.
EOS patched the vulnerability on August 16, 2018.
This vulnerability was discovered by Kushal Arvind Shah of Fortinet's FortiGuard Labs.