Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13anhjLXBqeDktNHd2bc4AA5Cp

Nervos CKB Panic on malformed input

Impact

CKB process will panic when received malformed p2p message because of snappy, which is used to compress network messages

References

https://github.com/BurntSushi/rust-snappy/issues/29

Permalink: https://github.com/advisories/GHSA-wjxc-pjx9-4wvm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13anhjLXBqeDktNHd2bc4AA5Cp
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 27 days ago
Updated: 27 days ago


Identifiers: GHSA-wjxc-pjx9-4wvm
References:

Affected Packages

cargo:ckb
Versions: <= 0.34.1
Fixed in: 0.34.2