GHSA-2969-8hh9-57jc

Source
https://github.com/advisories/GHSA-2969-8hh9-57jc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-2969-8hh9-57jc/GHSA-2969-8hh9-57jc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2969-8hh9-57jc
Aliases
Published
2022-01-06T22:09:49Z
Modified
2023-11-08T04:07:22.625998Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Allocation of Resources Without Limits or Throttling in ckb
Details

An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory for the misbehavior HashMap.

Database specific
{
    "nvd_published_at": "2021-12-27T00:15:00Z",
    "cwe_ids": [
        "CWE-770"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-05T23:46:28Z"
}
References

Affected packages

crates.io / ckb

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.40.0