Fortinet Discovers EOS Binaryen Library Heap Overflow Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a Heap Overflow vulnerability in EOS Blockchain.
EOS.IO is a blockchain protocol powered by the native cryptocurrency EOS. The protocol emulates most of the attributes of a real computer including hardware (CPU(s) & GPU(s) for processing, local/RAM memory, hard-disk storage) with the computing resources distributed equally among EOS cryptocurrency holders. EOSIO operates as a smart contract platform and decentralized operating system intended for the deployment of industrial-scale decentralized applications through a decentralized autonomous corporation model. The smart contract platform claims to eliminate transaction fees and also conduct millions of transactions per second.
A Heap Overflow vulnerability has been discovered in EOS Blockchain. The vulnerability is triggered by a crafted .s file, which causes a heap overflow. It could allow malicious users to create code execution scenarios.
Solutions
FortiGuard Labs released the following FortiGate IPS signature, which covers this specific vulnerability: EOS.Binaryen.Library.Heap.Buffer.Overflow
Released Mar 13, 2019
Users should apply the solution provided by EOS Blockchain.
Timeline
Fortinet reported the vulnerability to EOS on June 07, 2018.
EOS confirmed the vulnerability on June 18, 2018.
EOS patched the vulnerability on August 29, 2018.