GHSA-wjxc-pjx9-4wvm

Suggest an improvement
Source
https://github.com/advisories/GHSA-wjxc-pjx9-4wvm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-wjxc-pjx9-4wvm/GHSA-wjxc-pjx9-4wvm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-wjxc-pjx9-4wvm
Published
2024-02-03T00:18:06Z
Modified
2024-02-03T00:18:06Z
Summary
Nervos CKB Panic on malformed input
Details

Impact

CKB process will panic when received malformed p2p message because of snappy, which is used to compress network messages

References

https://github.com/BurntSushi/rust-snappy/issues/29

References

Affected packages

crates.io / ckb

Package

Name
ckb
View open source insights on deps.dev
Purl
pkg:cargo/ckb

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.34.2

Database specific 

{
    "last_known_affected_version_range": "<= 0.34.1"
}