GHSA-hjqq-29pw-96wj

Source

https://github.com/advisories/GHSA-hjqq-29pw-96wj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-hjqq-29pw-96wj/GHSA-hjqq-29pw-96wj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hjqq-29pw-96wj

Published

2024-02-02T22:23:11Z

Modified

2024-02-02T22:23:11Z

Summary

Nervos CKB node panics when processing a block which parent timestamp is too new

Details

Impact

Adversary can initiate DOS attack by broadcasting two consecutive blocks with timestamps in the future.

Patches

Please upgrade to v0.34.1

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-02T22:23:11Z"
}

References

Affected packages

crates.io / ckb

Package

Name: ckb; View open source insights on deps.dev
Purl: pkg:cargo/ckb

Affected ranges

Type: SEMVER
Events: Introduced

0.33.0

Fixed

0.33.2

crates.io / ckb

Package

Name: ckb; View open source insights on deps.dev
Purl: pkg:cargo/ckb

Affected ranges

Type: SEMVER
Events: Introduced

0.34.0

Fixed

0.34.1