Research - [CVE-2020-26800] Stack based buffer overflow while parsing JSON file in Aleth C++ Ethereum client (0day)
Title: Stack based buffer overflow while parsing JSON file in Aleth C++ Ethereum client
Date: 11/01/2021
CVE-ID: CVE-2020-26800
CVSS Score: 5.5 (v3)
Author: Thomas Sermpinis
Versions: <= 1.8.0
Package URL: https://github.com/ethereum/aleth
Tested on: Aleth C++ Ethereum Client 1.8.0
An attacker can supply a specially crafted config.json file, consisting of 3764 left square brackets or more, which results in segmentation fault by the application. This immediately results in Denial of Service, and with more advanced exploitation it can have further implications, with higher severity security issues.