0day - [CVE-2020-26800] Stack based buffer overflow while parsing JSON file in Aleth C++ Ethereum client
Title: Stack based buffer overflow while parsing JSON file in Aleth C++ Ethereum client
Author: Thomas Sermpinis
Versions: <= 1.8.0
Package URL: https://github.com/ethereum/aleth
Tested on: Aleth C++ Ethereum Client 1.8.0
An attacker can supply a specially crafted config.json file, consisting of 3764 left square brackets or more, which results in segmentation fault by the application. This immediately results in Denial of Service, and with more advanced exploitation it can have further implications, with higher severity security issues.