GHSA-f8qm-hmm3-fv7f
Suggest an improvement- Source
- https://github.com/advisories/GHSA-f8qm-hmm3-fv7f
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-f8qm-hmm3-fv7f/GHSA-f8qm-hmm3-fv7f.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-f8qm-hmm3-fv7f
- Published
- 2025-02-20T20:34:04Z
- Modified
- 2025-02-20T20:34:04Z
- Severity
-
- 9.2 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H CVSS Calculator
- Summary
- Namada-apps allows Excessive Computation in Mempool Validation
- Details
-
Impact
A malicious transaction may cause an expensive computation in mempool validation.
A transaction with multiple repeated sections causes the section hash calculation used for signature validation to grow exponentially (and potentially even cubic) in proportion to number of sections. This may be used to significantly slow down operation of nodes.
Patches
This issue has been patched in apps version 1.1.0. The transaction sections are now being checked for uniqueness and the number of permitted sections contained in a single transaction has been limited to 10,000.
Workarounds
There are no workarounds and users are advised to upgrade.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-770" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2025-02-20T20:34:04Z" }- References
Affected packages
crates.io / namada-apps
Package
- Name
- namada-apps
- View open source insights on deps.dev
- Purl
- pkg:cargo/namada-apps