Nervos CKB Snappy decompress length can be very large and causes out of memory error

Affected Package                  Affected Versions   Fixed Versions
cargo:ckb (PURL: pkg:cargo/ckb)   <= 0.34.1           0.34.2

0 Dependent packages
0 Dependent repositories
121,654 Downloads total

Affected Version Ranges

All affected versions

0.1.0

All unaffected versions

0.37.0, 0.38.0, 0.39.0, 0.39.1, 0.40.0, 0.42.0, 0.43.0, 0.43.2, 0.100.0, 0.101.0, 0.101.1, 0.101.2, 0.101.3, 0.101.4, 0.101.5, 0.101.6, 0.101.7, 0.101.8, 0.102.0, 0.103.0, 0.104.0, 0.104.1, 0.105.0, 0.105.1, 0.106.0, 0.107.0, 0.108.0, 0.108.1, 0.109.0, 0.110.0, 0.110.1, 0.110.2, 0.111.0, 0.112.0, 0.112.1, 0.113.0, 0.113.1, 0.114.0, 0.115.0, 0.116.0, 0.116.1, 0.117.0, 0.118.0, 0.119.0, 0.120.0, 0.121.0, 0.200.0, 0.201.0, 0.202.0

Impact

An adversary can craft a message whose compressed size is below the package limit but whose decompressed length is very large, such as 1G. Processing such network messages costs the node a large amount of memory, and on a system with less than 1G of memory the process is killed outright by an out-of-memory error.

Patches

The node must check the decompressed length before allocating memory for the message.
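The check described above, as an added example that is not CKB's own code: a raw Snappy block opens with its uncompressed length as a little-endian base-128 varint, so a receiver can read that preamble and reject the message before allocating. The 4 MiB limit, the error type and the helper names are assumptions for the example.

```rust
// Added example (not CKB's code): read the Snappy raw-format preamble, which is the
// uncompressed length as a little-endian base-128 varint, and refuse to allocate
// when the advertised length exceeds a policy limit.

pub const MAX_DECOMPRESSED_LEN: usize = 4 * 1024 * 1024; // assumed policy limit: 4 MiB

#[derive(Debug, PartialEq)]
pub enum PreambleError {
    Truncated,      // buffer ended before the varint terminated
    Overflow,       // varint exceeds Snappy's 32-bit length field
    TooLarge(u64),  // advertised length above the configured limit
}

/// Decode the varint that opens a raw Snappy block.
/// Returns (uncompressed_len, number of header bytes consumed).
pub fn snappy_decompressed_len(buf: &[u8]) -> Result<(u64, usize), PreambleError> {
    let mut value: u64 = 0;
    for (i, &b) in buf.iter().enumerate().take(5) {
        value |= u64::from(b & 0x7f) << (7 * i);
        if b & 0x80 == 0 {
            // Snappy caps the uncompressed length at 2^32 - 1.
            if value > u64::from(u32::MAX) { return Err(PreambleError::Overflow); }
            return Ok((value, i + 1));
        }
    }
    if buf.len() >= 5 { Err(PreambleError::Overflow) } else { Err(PreambleError::Truncated) }
}

/// Gate a decompression: the size to allocate is returned only when it is within `limit`.
pub fn checked_alloc_size(compressed: &[u8], limit: usize) -> Result<usize, PreambleError> {
    let (n, _header_len) = snappy_decompressed_len(compressed)?;
    if n > limit as u64 { return Err(PreambleError::TooLarge(n)); }
    Ok(n as usize)
}

/// Encode a length as Snappy's varint preamble (used here to build constructed inputs).
pub fn encode_varint(mut n: u32) -> Vec<u8> {
    let mut out = Vec::new();
    while n >= 0x80 { out.push((n as u8 & 0x7f) | 0x80); n >>= 7; }
    out.push(n as u8);
    out
}

fn main() {
    // Constructed input: a 13-byte message claiming 1 GiB of decompressed output.
    let mut hostile = encode_varint(1 << 30);
    hostile.extend_from_slice(&[0x00; 8]);
    println!("{:?}", checked_alloc_size(&hostile, MAX_DECOMPRESSED_LEN)); // Err(TooLarge(1073741824))
    println!("{:?}", checked_alloc_size(&encode_varint(1024), MAX_DECOMPRESSED_LEN)); // Ok(1024)
}
```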

References