CVE-2021-45700: Denial of Service in ckb
(updated )
An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup.
References
- github.com/advisories/GHSA-cw98-cx2m-9qqg
- github.com/nervosnetwork/ckb
- github.com/nervosnetwork/ckb/security/advisories/GHSA-45p7-c959-rgcm
- nvd.nist.gov/vuln/detail/CVE-2021-45700
- raw.githubusercontent.com/rustsec/advisory-db/main/crates/ckb/RUSTSEC-2021-0109.md
- rustsec.org/advisories/RUSTSEC-2021-0109.html
Code Behaviors & Features
Detect and mitigate CVE-2021-45700 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →