CVE-2021-29511
MEDIUM6.5EPSS 0.38%Memory over-allocation in evm crate
Description
### Impact Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. ### Patches The flaw was corrected in commit `19ade85`. Users should upgrade to `==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, >=0.26.1`. ### Workarounds None. Please upgrade your `evm` crate version ### References Fix commit: https://github.com/rust-blockchain/evm/commit/19ade858c430ab13eb562764a870ac9f8506f8dd ### For more information If you have any questions or comments about this advisory: * Open an issue in [evm repo](https://github.com/rust-blockchain/evm) * Email [Wei](mailto:[email protected])
Affected packages (2)
- crates.io/evmfrom 0, < 0.21.1
- crates.io/evm-corefrom 0, < 0.21.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |