GHSA-wjxc-pjx9-4wvm

Source

https://github.com/advisories/GHSA-wjxc-pjx9-4wvm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-wjxc-pjx9-4wvm/GHSA-wjxc-pjx9-4wvm.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-wjxc-pjx9-4wvm

Published

2024-02-03T00:18:06Z

Modified

2024-02-03T00:18:06Z

Summary

Nervos CKB Panic on malformed input

Details

Impact

CKB process will panic when received malformed p2p message because of snappy, which is used to compress network messages

References

https://github.com/BurntSushi/rust-snappy/issues/29

Database specific

{
    "github_reviewed_at": "2024-02-03T00:18:06Z",
    "cwe_ids": [],
    "nvd_published_at": null,
    "severity": "HIGH",
    "github_reviewed": true
}

References

https://github.com/nervosnetwork/ckb/security/advisories/GHSA-wjxc-pjx9-4wvm

Affected packages

crates.io / ckb

Package

Name: ckb; View open source insights on deps.dev
Purl: pkg:cargo/ckb

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.34.2

Database specific

{
    "last_known_affected_version_range": "<= 0.34.1"
}