An open API service providing security vulnerability metadata for many open source software ecosystems.
| Affected Packages | Affected Versions | Fixed Versions | |
|---|---|---|---|
| cargo:ckb | >= 0.100.0, < 0.102.0 | 0.102.0 | |
Affected Version RangesAll affected versions0.100.0, 0.101.0, 0.101.1, 0.101.2, 0.101.3, 0.101.4, 0.101.5, 0.101.6, 0.101.7, 0.101.8 All unaffected versions0.1.0, 0.37.0, 0.38.0, 0.39.0, 0.39.1, 0.40.0, 0.42.0, 0.43.0, 0.43.2, 0.102.0, 0.103.0, 0.104.0, 0.104.1, 0.105.0, 0.105.1, 0.106.0, 0.107.0, 0.108.0, 0.108.1, 0.109.0, 0.110.0, 0.110.1, 0.110.2, 0.111.0, 0.112.0, 0.112.1, 0.113.0, 0.113.1, 0.114.0, 0.115.0, 0.116.0, 0.116.1, 0.117.0, 0.118.0, 0.119.0, 0.120.0, 0.121.0, 0.200.0, 0.201.0, 0.202.0 |
|||
https://github.com/nervosnetwork/ckb/blob/v0.101.2/script/src/verify.rs#L871-L879
TypeIdSystemScript resume handle is not correct when max_cycles is not enough, ScriptError::ExceededMaximumCycles will be raised directly ranther than suspend as expect, and also because script_group execution order is random, so this will happen randomly.