Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS03Znc2LTZtZmotZzNxMs4AAvq-

ckb: Transaction header_deps validation issue (network forking)

Impact

fn HeaderChecker#check_valid skipped main chain checking after this PR: https://github.com/nervosnetwork/ckb/pull/1646/files#diff-c4e017b67c1b3005ca0c446a9b0879571aa36a858b1f7ddd1b9328a884e3214bR171-R176

It will cause network forking if one transaction is using a forked block header which is not exists in local node's storage.

Patches

0.101.1 and later versions

Permalink: https://github.com/advisories/GHSA-7fw6-6mfj-g3q2
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03Znc2LTZtZmotZzNxMs4AAvq-
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 11 months ago
Updated: 9 months ago


Identifiers: GHSA-7fw6-6mfj-g3q2
References:

Affected Packages

cargo:ckb
Versions: <= 0.101.0
Fixed in: 0.101.1