CVE-2021-45699 – ckb
Package
Manager: cargo
Name: ckb
Vulnerable Version: >=0 <0.40.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.0055 (percentile: 0.66984)
Details
Allocation of Resources Without Limits or Throttling in ckb
An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory for the misbehavior HashMap.
Metadata
Created: 2022-01-06T22:09:49Z
Modified: 2022-01-07T17:53:54Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-2969-8hh9-57jc/GHSA-2969-8hh9-57jc.json
CWE IDs: ["CWE-770"]
Alternative ID: GHSA-2969-8hh9-57jc
Finding: F067
Auto approve: 1