CVE-2021-29511

MEDIUM 6.5 | EPSS 0.38%

Memory over-allocation in evm crate

Published: 2024/1/30 | Modified: 2026/3/13

Description

### Impact

Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the crate can over-allocate memory when it is not needed, making it possible for an attacker to perform a denial-of-service attack.

### Patches

The flaw was corrected in commit `19ade85`. Users should upgrade to `==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, >=0.26.1`.

### Workarounds

None. Please upgrade your `evm` crate version.

### References

Fix commit: https://github.com/rust-blockchain/evm/commit/19ade858c430ab13eb562764a870ac9f8506f8dd

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [evm repo](https://github.com/rust-blockchain/evm)
* Email [Wei](mailto:[email protected])
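To check a dependency tree against the patched versions listed above, the following added example (not code from the advisory or the evm project) scans Cargo.lock text for `evm` entries and classifies each version. The helper names and the sample lockfile are hypothetical, and the `==` entries are assumed to mean exactly those releases.

```rust
// Added example (not from the evm project): flag unpatched `evm` entries in Cargo.lock text.
// Assumption: the advisory's "==" entries are read literally; only >=0.26.1 is an open range.
const FIXED_EXACT: [(u64, u64, u64); 4] = [(0, 21, 1), (0, 23, 1), (0, 24, 1), (0, 25, 1)];

fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut parts = v.split('.').map(|p| p.parse::<u64>().ok());
    let triple = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() { None } else { Some(triple) }
}

/// Some(true) = fixed release, Some(false) = vulnerable, None = version not plain x.y.z.
fn is_patched(version: &str) -> Option<bool> {
    let v = parse_version(version)?;
    Some(v >= (0, 26, 1) || FIXED_EXACT.contains(&v))
}

/// Value of a `key = "value"` line, if the line has that key.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?.trim();
    rest.strip_prefix('"')?.strip_suffix('"')
}

/// (version, patched?) for every package entry named `crate_name`.
fn audit_lockfile(lock: &str, crate_name: &str) -> Vec<(String, Option<bool>)> {
    let mut findings = Vec::new();
    let mut in_target = false;
    for line in lock.lines().map(str::trim) {
        if let Some(name) = quoted_value(line, "name") {
            in_target = name == crate_name;
        } else if let (true, Some(ver)) = (in_target, quoted_value(line, "version")) {
            findings.push((ver.to_string(), is_patched(ver)));
            in_target = false;
        }
    }
    findings
}

// Constructed sample lockfile; a real run would read Cargo.lock from disk.
const SAMPLE_LOCK: &str = "[[package]]\nname = \"evm\"\nversion = \"0.25.0\"\n\n\
[[package]]\nname = \"hex\"\nversion = \"0.4.3\"\n\n\
[[package]]\nname = \"evm\"\nversion = \"0.26.1\"\n";

fn main() {
    for (ver, status) in audit_lockfile(SAMPLE_LOCK, "evm") {
        println!("evm {}: patched = {:?}", ver, status);
    }
}
```

A `None` result (for example a pre-release tag) should be reviewed by hand rather than treated as fixed.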

Affected packages (2)

CVSS score

| Source | Version | Severity | Vector |
| --- | --- | --- | --- |
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |

Reference links (3)