Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0yOWMyLTY1cmotaDM0M84AA5Cv

Nervos CKB Permit load cell data from memory

Impact

The faulty nodes will reject transactions which calls load_cell_data syscall but the input cell is still in the mempool. They also ban other nodes and cause the network separation.

Patches

0.35.2, 0.36.1, 0.37.1, 0.38.2

Permalink: https://github.com/advisories/GHSA-29c2-65rj-h343
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yOWMyLTY1cmotaDM0M84AA5Cv
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 27 days ago
Updated: 27 days ago


Identifiers: GHSA-29c2-65rj-h343
References:

Affected Packages

cargo:ckb
Versions: >= 0.38.0-rc1, < 0.38.2, >= 0.37.0-rc1, < 0.37.1, >= 0.36.0-rc1, < 0.36.1, >= 0.35.0-rc1, < 0.35.2, >= 0.39.0-rc1, < 0.39.0
Fixed in: 0.38.2, 0.37.1, 0.36.1, 0.35.2, 0.39.0