rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
advisory-db/crates/evm-core/RUSTSEC-2021-0066.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

651 B
Raw Permalink Blame History 

[advisory]
id = "RUSTSEC-2021-0066"
package = "evm-core"
date = "2021-05-11"
url = "https://github.com/rust-blockchain/evm"
categories = ["denial-of-service"]
aliases = ["GHSA-773q-5334-5gf9"]

[versions]
patched = [">= 0.26.1", "0.25.1", "0.24.1", "0.23.1", "0.21.1"]

Denial of service on EVM execution due to memory over-allocation

Prior to the patch, when executing specific EVM opcodes related to memory operations that use evm_core::Memory::copy_large, the crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack.

The flaw was corrected in commit 19ade85.