High severity 8.8 · NVD Advisory · Published Nov 12, 2018 · Updated Jun 17, 2026
CVE-2018-18920
Description
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid."
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| py-evm (PyPI) | <= 0.2.0a33 | — |
References
- github.com/ethereum/py-evm/issues/1448 (nvd; Exploit, Third Party Advisory; WEB)
- github.com/advisories/GHSA-vqgp-4jgj-5j64 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-18920 (ghsa; ADVISORY)
- twitter.com/AlexanderFisher/status/1060923428641878019 (nvd; Third Party Advisory; WEB)
- twitter.com/NettaLab/status/1060889400102383617 (nvd; Third Party Advisory; WEB)
- www.reddit.com/r/ethereum/comments/9vkk2g/netta_labs_claim_to_have_found_a_vulnerability_in/e9d3wyx/ (nvd; Third Party Advisory)
- github.com/pypa/advisory-database/tree/main/vulns/evm-py/PYSEC-2018-155.yaml (ghsa; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/py-evm/PYSEC-2018-96.yaml (ghsa; WEB)
- www.reddit.com/r/ethereum/comments/9vkk2g/netta_labs_claim_to_have_found_a_vulnerability_in/e9d3wyx (ghsa; WEB)