GHSA-7fw6-6mfj-g3q2

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-7fw6-6mfj-g3q2/GHSA-7fw6-6mfj-g3q2.json
Published
2022-11-02T18:14:30Z
Modified
2022-11-02T18:14:30Z
Details

Impact

fn HeaderChecker#check_valid skipped main chain checking after this PR: https://github.com/nervosnetwork/ckb/pull/1646/files#diff-c4e017b67c1b3005ca0c446a9b0879571aa36a858b1f7ddd1b9328a884e3214bR171-R176

It will cause network forking if one transaction is using a forked block header which is not exists in local node's storage.

Patches

0.101.1 and later versions

References

Affected packages

crates.io / ckb

ckb

Affected ranges

Type
SEMVER
Events
Introduced
0
Fixed
0.101.1

Affected versions

Database specific

{
    "last_known_affected_version_range": "<= 0.101.0"
}