CVE-2018-19163: Uncontrolled Resource Consumption

November 5, 2019 (updated November 6, 2019)

stratisX (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim’s disk.

References

fc19.ifca.ai/preproceedings/180-preproceedings.pdf
medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806
nvd.nist.gov/vuln/detail/CVE-2018-19163

Detect and mitigate CVE-2018-19163 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →