CVE-2018-19183

Name of the Vulnerable Software and Affected Versions ethereumjs-vm version 2.4.0

Description The issue allows attackers to cause a denial of service, leading to vm.runCode failure and REVERT, via a code attribute set to Buffer.from(my code, 'hex'). It's worth noting that the vendor disputes this, as REVERT is considered a normal bytecode that can be triggered from high-level source code, resulting in a normal programmatic execution result.

Recommendations For ethereumjs-vm version 2.4.0, consider restricting the use of the code attribute with Buffer.from(my code, 'hex') to minimize the risk of denial of service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.