Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yOWMyLTY1cmotaDM0M84AA5Cv
Nervos CKB Permit load cell data from memory
Impact
Faulty nodes reject transactions that call the load_cell_data syscall while the input cell is still in the mempool. They also ban other nodes, causing network separation.
Patches
0.35.2, 0.36.1, 0.37.1, 0.38.2
Permalink: https://github.com/advisories/GHSA-29c2-65rj-h343
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yOWMyLTY1cmotaDM0M84AA5Cv
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 3 months ago
Updated: 3 months ago
Identifiers: GHSA-29c2-65rj-h343
References:
- https://github.com/nervosnetwork/ckb/security/advisories/GHSA-29c2-65rj-h343
- https://github.com/nervosnetwork/ckb/commit/277061867eb7d2766fa6737c8bf00684fc2462a6
- https://github.com/nervosnetwork/ckb/commit/37d60d581c6713d3aca1a57018eaea45447ae0b2
- https://github.com/nervosnetwork/ckb/commit/8f115b387f8f60f938bce4591f26cd78430b8771
- https://github.com/nervosnetwork/ckb/commit/91efb7b6b4329d70d60eee91d5239a2de9b0d99f
- https://github.com/nervosnetwork/ckb/commit/97647408ee9dbf525f6c678796e770887c9f8738
- https://github.com/advisories/GHSA-29c2-65rj-h343
Blast Radius: 1.0
Affected Packages
cargo:ckb
Dependent packages: 0
Dependent repositories: 0
Downloads: 21,044 total
Affected Version Ranges: >= 0.38.0-rc1, < 0.38.2, >= 0.37.0-rc1, < 0.37.1, >= 0.36.0-rc1, < 0.36.1, >= 0.35.0-rc1, < 0.35.2, >= 0.39.0-rc1, < 0.39.0
Fixed in: 0.38.2, 0.37.1, 0.36.1, 0.35.2, 0.39.0
All affected versions: 0.37.0, 0.38.0
All unaffected versions: 0.1.0, 0.39.0, 0.39.1, 0.40.0, 0.42.0, 0.43.0, 0.43.2, 0.100.0, 0.101.0, 0.101.1, 0.101.2, 0.101.3, 0.101.4, 0.101.5, 0.101.6, 0.101.7, 0.101.8, 0.102.0, 0.103.0, 0.104.0, 0.104.1, 0.105.0, 0.105.1, 0.106.0, 0.107.0, 0.108.0, 0.108.1, 0.109.0, 0.110.0, 0.110.1, 0.110.2, 0.111.0, 0.112.0, 0.112.1, 0.113.0, 0.113.1, 0.114.0, 0.115.0