Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oNGMzLTUyNzUtdnJtZ84AA5Cu
Nervos CKB Pool does not remove the conflicting transactions from the statistics
Impact
There's a bug in the pool statistics: when conflicting transactions are removed from the pool, they are not subtracted from the statistics. Eventually, the transaction pool stays full and rejects all transactions.
Patches
0.39.2
Workarounds
Restart the CKB node.
Permalink: https://github.com/advisories/GHSA-h4c3-5275-vrmg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oNGMzLTUyNzUtdnJtZ84AA5Cu
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 3 months ago
Updated: 3 months ago
Identifiers: GHSA-h4c3-5275-vrmg
References:
- https://github.com/nervosnetwork/ckb/security/advisories/GHSA-h4c3-5275-vrmg
- https://github.com/advisories/GHSA-h4c3-5275-vrmg
Blast Radius: 1.0
Affected Packages
cargo:ckb
Dependent packages: 0
Dependent repositories: 0
Downloads: 21,044 total
Affected Version Ranges: < 0.39.2
Fixed in: 0.39.2
All affected versions: 0.1.0, 0.37.0, 0.38.0, 0.39.0, 0.39.1
All unaffected versions: 0.40.0, 0.42.0, 0.43.0, 0.43.2, 0.100.0, 0.101.0, 0.101.1, 0.101.2, 0.101.3, 0.101.4, 0.101.5, 0.101.6, 0.101.7, 0.101.8, 0.102.0, 0.103.0, 0.104.0, 0.104.1, 0.105.0, 0.105.1, 0.106.0, 0.107.0, 0.108.0, 0.108.1, 0.109.0, 0.110.0, 0.110.1, 0.110.2, 0.111.0, 0.112.0, 0.112.1, 0.113.0, 0.113.1, 0.114.0, 0.115.0