Add security advisory for evm crate related to memory over-allocation (#909)

Wei Tang
2021-05-11 23:23:09 +02:00
committed by GitHub
parent bd8a0f6700
commit a7ffa73f48


@@ -0,0 +1,20 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "evm"
date = "2021-05-11"
url = "https://github.com/rust-blockchain/evm"
categories = ["denial-of-service"]
[versions]
patched = [">= 0.26.1", "0.25.1", "0.24.1", "0.23.1", "0.21.1"]
```
# Denial of service on EVM execution due to memory over-allocation
Prior to the patch, when executing specific EVM opcodes related
to memory operations that use `evm_core::Memory::copy_large`, the `evm`
crate can over-allocate memory when it is not needed, making it
possible for an attacker to perform denial-of-service attack.
The flaw was corrected in commit `19ade85`.
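Review bot: In `[advisory]`, `package = "evm"` does not match the code path the description names, `evm_core::Memory::copy_large`, which sits under the `evm_core` namespace. If that function ships in a separate `evm-core` crate, users who depend on it directly will not be matched by this advisory, so it should either be filed against that crate or get a companion advisory. In `patched`, the backport entries (`"0.25.1"`, `"0.24.1"`, `"0.23.1"`, `"0.21.1"`) carry no operator while the first entry uses `>=`. Writing them as explicit ranges (for example `"^0.25.1"`) would make it unambiguous that later patch releases on each line are also fixed. The list also skips 0.22.x without saying whether that line is unaffected or unfixed. Finally, `url` points at the repository root; linking the fix commit `19ade85` mentioned in the text would give readers something to verify against.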