Fortinet Discovers EOS WAVM Library Buffer Overflow Vulnerability
Fortinet's FortiGuard Labs has discovered a Buffer Overflow vulnerability in EOS Blockchain.
EOS.IO is a blockchain protocol powered by the native cryptocurrency EOS. The protocol emulates most of the attributes of a real computer including hardware (CPU(s) & GPU(s) for processing, local/RAM memory, hard-disk storage) with the computing resources distributed equally among EOS cryptocurrency holders. EOSIO operates as a smart contract platform and decentralized operating system intended for the deployment of industrial-scale decentralized applications through a decentralized autonomous corporation model. The smart contract platform claims to eliminate transaction fees and also conduct millions of transactions per second.
A Buffer Overflow vulnerability has been discovered in EOS Blockchain. The vulnerability is triggered by a crafted .wast file that causes an out-of-bounds memory access. It could allow malicious users to create code execution scenarios.
Solutions
FortiGuard Labs released the following FortiGate IPS signature, which covers this specific vulnerability:
Released Mar 13, 2019
Users should apply the solution provided by EOS Blockchain.
Fortinet reported the vulnerability to EOS on June 07, 2018.
EOS confirmed the vulnerability on June 18, 2018.
EOS patched the vulnerability on August 29, 2018.
This vulnerability was discovered by Kushal Arvind Shah of Fortinet's FortiGuard Labs.