Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tY21yLTQ5eDMtNGpxbc4AAvq_
ckb type_id script resume may randomly fail
Impact
https://github.com/nervosnetwork/ckb/blob/v0.101.2/script/src/verify.rs#L871-L879
TypeIdSystemScript resume handle is not correct when max_cycles is not enough, ScriptError::ExceededMaximumCycles
will be raised directly ranther than suspend as expect, and also because script_group execution order is random, so this will happen randomly.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tY21yLTQ5eDMtNGpxbc4AAvq_
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: 11 months ago
Identifiers: GHSA-mcmr-49x3-4jqm
References:
- https://github.com/nervosnetwork/ckb/security/advisories/GHSA-mcmr-49x3-4jqm
- https://github.com/nervosnetwork/ckb/blob/v0.101.2/script/src/verify.rs#L871-L879
- https://github.com/advisories/GHSA-mcmr-49x3-4jqm
Affected Packages
cargo:ckb
Versions: >= 0.100.0, < 0.102.0Fixed in: 0.102.0