GHSA-29c2-65rj-h343
Suggest an improvement- Source
- https://github.com/advisories/GHSA-29c2-65rj-h343
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-29c2-65rj-h343/GHSA-29c2-65rj-h343.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-29c2-65rj-h343
- Published
- 2024-02-03T00:29:06Z
- Modified
- 2024-02-03T00:29:06Z
- Summary
- Nervos CKB Permit load cell data from memory
- Details
-
Impact
The faulty nodes will reject transactions which calls
load_cell_datasyscall but the input cell is still in the mempool. They also ban other nodes and cause the network separation.Patches
0.35.2, 0.36.1, 0.37.1, 0.38.2
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-02-03T00:29:06Z" }- References
-
- https://github.com/nervosnetwork/ckb/security/advisories/GHSA-29c2-65rj-h343
- https://github.com/nervosnetwork/ckb/commit/277061867eb7d2766fa6737c8bf00684fc2462a6
- https://github.com/nervosnetwork/ckb/commit/37d60d581c6713d3aca1a57018eaea45447ae0b2
- https://github.com/nervosnetwork/ckb/commit/8f115b387f8f60f938bce4591f26cd78430b8771
- https://github.com/nervosnetwork/ckb/commit/91efb7b6b4329d70d60eee91d5239a2de9b0d99f
- https://github.com/nervosnetwork/ckb/commit/97647408ee9dbf525f6c678796e770887c9f8738
Affected packages
crates.io / ckb
Package
- Name
- ckb
- View open source insights on deps.dev
- Purl
- pkg:cargo/ckb
crates.io / ckb
Package
- Name
- ckb
- View open source insights on deps.dev
- Purl
- pkg:cargo/ckb
crates.io / ckb
Package
- Name
- ckb
- View open source insights on deps.dev
- Purl
- pkg:cargo/ckb
crates.io / ckb
Package
- Name
- ckb
- View open source insights on deps.dev
- Purl
- pkg:cargo/ckb
crates.io / ckb
Package
- Name
- ckb
- View open source insights on deps.dev
- Purl
- pkg:cargo/ckb