Floating-Point Mishandling in espritblock eos4j SDK Allows Unauthorized Currency Transfers

Floating-Point Mishandling in espritblock eos4j SDK Allows Unauthorized Currency Transfers

CVE-2018-14439 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers with more than four digits after the decimal point, which might allow attackers to trigger currency transfers of unintended amounts.

Learn more about our Web Application Penetration Testing UK.