CVE-2017-12119
Description
An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unhandled exception vulnerability in CPP-Ethereum's JSON-RPC allows remote attackers to cause denial of service via malformed JSON requests.
Vulnerability
An unhandled exception vulnerability exists in multiple APIs of the CPP-Ethereum JSON-RPC server, as detailed in the Talos report [1]. The affected version is Ethereum commit 4e1015743b95821849d001618a7ce82c7c073768 [1]. The bug resides in the lack of proper exception handling when parsing specially crafted JSON objects using the JsonCpp library. The following APIs are vulnerable: debug_storageRangeAt, debug_traceBlockByNumber (available by default), and miner_start, admin_eth_vmTrace, personal_newAccount, admin_eth_getReceiptByHashAndIndex, admin_setVerbosity, admin_verbosity (available when the --admin-via-http switch is used) [1].
Exploitation
An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted JSON request to any of the vulnerable APIs [1]. The malformed JSON triggers an unhandled exception in the asInt method of the JsonCpp library, causing the CPP-Ethereum client to crash [1]. No user interaction or special network position is required beyond network access to the JSON-RPC server.
Impact
Successful exploitation results in a denial of service (DoS) condition, crashing the CPP-Ethereum client and rendering the node unavailable [1]. The vulnerability has a CVSSv3 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high availability impact with no confidentiality or integrity compromise [1].
Mitigation
As of the publication date, no official fix has been disclosed in the available references [1]. Users should monitor the CPP-Ethereum project for updates or consider disabling the JSON-RPC server if not required. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of this writing.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Talos/CPP-Ethereumv5Range: Ethereum commit 4e1015743b95821849d001618a7ce82c7c073768
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Unhandled exception in JSON-RPC API handlers when Json::Value::asInt() receives an out-of-range integer value, causing abort()."
Attack vector
An attacker sends a specially crafted JSON-RPC request to one of the listed APIs, supplying an integer parameter whose value exceeds the range that `Json::Value::asInt()` can handle (e.g., a value larger than `0x7FFFFFFF` for a `uintValue` type). The JSON-RPC server calls `asInt()` on the parameter, which triggers `JSON_FAIL_MESSAGE` and calls `abort()`, crashing the entire node process [ref_id=1]. The attack is performed over the network via HTTP POST to the JSON-RPC endpoint (default port 8545) and requires no authentication for the APIs exposed by default (`debug_storageRangeAt`, `debug_traceBlockByNumber`); additional APIs require the `--admin-via-http` switch [ref_id=1].
Affected code
Multiple API handler functions in CPP-Ethereum's JSON-RPC server call `Json::Value::asInt()` on user-supplied integer parameters without catching the `Json::LogicError` exception that is thrown when the value exceeds the representable range. The vulnerable handlers are defined in `DebugFace.h` (`debug_traceBlockByNumberI`, `debug_storageRangeAtI`), `AdminEthFace.h` (`admin_eth_getReceiptByHashAndIndexI`, `admin_eth_vmTraceI`, `miner_startI`), `AdminUtilsFace.h` (`admin_setVerbosityI`, `admin_verbosityI`), and `PersonalFace.h` (`personal_unlockAccountI`) [ref_id=1].
What the fix does
The advisory does not include a patch or specific remediation code [ref_id=1]. The recommended fix is to wrap the `asInt()` calls in the vulnerable API handler functions with proper exception handling so that out-of-range integer values do not cause an unhandled abort. Alternatively, the server should validate integer parameters before conversion or use a safe conversion method that does not terminate the process on invalid input [ref_id=1].
Preconditions
- networkThe CPP-Ethereum JSON-RPC server must be running and reachable over the network.
- configFor default-vulnerable APIs (debug_storageRangeAt, debug_traceBlockByNumber), no authentication is required. For the other listed APIs, the --admin-via-http switch must be enabled.
- inputThe attacker supplies an integer parameter value larger than 0x7FFFFFFF (or otherwise outside the range representable by Json::Value::asInt).
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2- www.securityfocus.com/bid/102475mitrevdb-entryx_refsource_BID
- www.talosintelligence.com/vulnerability_reports/TALOS-2017-0471mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.