GHSA-29c2-65rj-h343

Source

https://github.com/advisories/GHSA-29c2-65rj-h343

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-29c2-65rj-h343/GHSA-29c2-65rj-h343.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-29c2-65rj-h343

Published

2024-02-03T00:29:06Z

Modified

2024-02-03T00:29:06Z

Summary

Nervos CKB Permit load cell data from memory

Details

Impact

The faulty nodes will reject transactions which calls load_cell_data syscall but the input cell is still in the mempool. They also ban other nodes and cause the network separation.

Patches

0.35.2, 0.36.1, 0.37.1, 0.38.2

References

Affected packages

crates.io / ckb

Package

Name: ckb; View open source insights on deps.dev
Purl: pkg:cargo/ckb

Affected ranges

Type: SEMVER
Events: Introduced

0.39.0-rc1

Fixed

0.39.0

crates.io / ckb

Package

Name: ckb; View open source insights on deps.dev
Purl: pkg:cargo/ckb

Affected ranges

Type: SEMVER
Events: Introduced

0.35.0-rc1

Fixed

0.35.2

crates.io / ckb

Package

Name: ckb; View open source insights on deps.dev
Purl: pkg:cargo/ckb

Affected ranges

Type: SEMVER
Events: Introduced

0.36.0-rc1

Fixed

0.36.1

crates.io / ckb

Package

Name: ckb; View open source insights on deps.dev
Purl: pkg:cargo/ckb

Affected ranges

Type: SEMVER
Events: Introduced

0.37.0-rc1

Fixed

0.37.1

crates.io / ckb

Package

Name: ckb; View open source insights on deps.dev
Purl: pkg:cargo/ckb

Affected ranges

Type: SEMVER
Events: Introduced

0.38.0-rc1

Fixed

0.38.2