{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T08:44:24.873","vulnerabilities":[{"cve":{"id":"CVE-2018-3972","sourceIdentifier":"talos-cna@cisco.com","published":"2018-09-26T12:29:00.220","lastModified":"2024-11-21T04:06:24.713","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad de deserialización de Levin de la biblioteca Epee, tal y como se utiliza en Lithium Luna, de Monero (v0.12.2.0-master-ffab6700) y otras criptomonedas. Un paquete de red especialmente manipulado puede provocar un error de lógica que resulta en la ejecución de código. Un atacante puede enviar un paquete para provocar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:getmonero:monero:0.12.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1609CE9B-7E0A-4143-983B-E2C61838F4FB"}]}]}],"references":[{"url":"https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html","source":"talos-cna@cisco.com","tags":["Third Party Advisory"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}