CVE-2021-45699: Allocation of Resources Without Limits or Throttling in ckb
(updated )
An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory for the misbehavior HashMap.
References
- github.com/advisories/GHSA-2969-8hh9-57jc
- github.com/nervosnetwork/ckb
- github.com/nervosnetwork/ckb/security/advisories/GHSA-48vq-8jqv-gm6f
- nvd.nist.gov/vuln/detail/CVE-2021-45699
- raw.githubusercontent.com/rustsec/advisory-db/main/crates/ckb/RUSTSEC-2021-0108.md
- rustsec.org/advisories/RUSTSEC-2021-0108.html
Code Behaviors & Features
Detect and mitigate CVE-2021-45699 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →