{ "schema_version": "1.4.0", "id": "GHSA-773q-5334-5gf9", "modified": "2021-08-18T21:38:27Z", "published": "2021-08-25T20:55:36Z", "aliases": [], "summary": "Memory over-allocation in evm-core", "details": "Prior to the patch, when executing specific EVM opcodes related\nto memory operations that use `evm_core::Memory::copy_large`, the\ncrate can over-allocate memory when it is not needed, making it\npossible for an attacker to perform denial-of-service attack.\n\nThe flaw was corrected in commit `19ade85`.\n", "severity": [], "affected": [ { "package": { "ecosystem": "crates.io", "name": "evm-core" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0.26.0" }, { "fixed": "0.26.1" } ] } ] }, { "package": { "ecosystem": "crates.io", "name": "evm-core" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0.25.0" }, { "fixed": "0.25.1" } ] } ] }, { "package": { "ecosystem": "crates.io", "name": "evm-core" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0.24.0" }, { "fixed": "0.24.1" } ] } ] }, { "package": { "ecosystem": "crates.io", "name": "evm-core" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0.23.0" }, { "fixed": "0.23.1" } ] } ] }, { "package": { "ecosystem": "crates.io", "name": "evm-core" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.21.1" } ] } ] } ], "references": [ { "type": "WEB", "url": "https://github.com/rust-blockchain/evm/commit/19ade85" }, { "type": "PACKAGE", "url": "https://github.com/rust-blockchain/evm" }, { "type": "WEB", "url": "https://rustsec.org/advisories/RUSTSEC-2021-0066.html" } ], "database_specific": { "cwe_ids": [ "CWE-789" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-08-18T21:38:27Z", "nvd_published_at": null } }