Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1jdzk4LWN4Mm0tOXFxZ80fjw

High EPSS: 0.00296% (0.52509 Percentile) EPSS:
Permalink JSON

Denial of Service in ckb

Affected Packages Affected Versions Fixed Versions
cargo:ckb < 0.40.0 0.40.0
0 Dependent packages
0 Dependent repositories
113,543 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.37.0, 0.38.0, 0.39.0, 0.39.1

All unaffected versions

0.40.0, 0.42.0, 0.43.0, 0.43.2, 0.100.0, 0.101.0, 0.101.1, 0.101.2, 0.101.3, 0.101.4, 0.101.5, 0.101.6, 0.101.7, 0.101.8, 0.102.0, 0.103.0, 0.104.0, 0.104.1, 0.105.0, 0.105.1, 0.106.0, 0.107.0, 0.108.0, 0.108.1, 0.109.0, 0.110.0, 0.110.1, 0.110.2, 0.111.0, 0.112.0, 0.112.1, 0.113.0, 0.113.1, 0.114.0, 0.115.0, 0.116.0, 0.116.1, 0.117.0, 0.118.0, 0.119.0, 0.120.0, 0.121.0, 0.200.0, 0.201.0, 0.202.0

An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup.

References:

Identifiers

GHSA-cw98-cx2m-9qqg

CVE-2021-45700

Risk

Severity

High

EPSS

EPSS Percentage: 0.00296

EPSS Percentile: 0.52509

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/nervosnetwork/ckb

Date and time

Published

over 3 years ago

Updated

about 2 years ago

API

JSON