GHSA-h4c3-5275-vrmg ckb

Package

Manager: cargo
Name: ckb
Vulnerable Version: >=0 <0.39.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A (percentile: N/A)

Details

Nervos CKB Pool does not remove the conflicting transactions from the statistics

### Impact

There is a bug in the pool statistics: when conflicting transactions are removed from the pool, they are not subtracted from the statistics. Eventually, the transaction pool stays full and rejects all transactions.

### Patches

0.39.2

### Workarounds

Restart the CKB node.
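The following is an added example, not CKB's own code: a simplified model of the accounting drift described above, with the buggy and corrected removal paths side by side and an invariant check a node operator or test suite could run. All type, field and function names are hypothetical, and the size-based admission limit is an assumption about how "full" is decided.

```rust
// Simplified model of the accounting bug; not CKB's code. All names are hypothetical.
use std::collections::HashMap;

struct Pool {
    entries: HashMap<u32, u64>, // tx id -> size in bytes (constructed sample data)
    total_size: u64,            // running statistic used for admission control
    max_size: u64,
    fixed: bool,                // true = subtract removed conflicts from the statistic
}

impl Pool {
    // Admission is decided from the running statistic, not from the real entries.
    fn submit(&mut self, id: u32, size: u64) -> bool {
        if self.total_size + size > self.max_size { return false; }
        self.entries.insert(id, size);
        self.total_size += size;
        true
    }

    // Called when a committed transaction conflicts with a pooled one.
    fn remove_conflict(&mut self, id: u32) {
        if let Some(size) = self.entries.remove(&id) {
            if self.fixed { self.total_size -= size; } // the buggy path skips this
        }
    }

    // Invariant check: the statistic minus the real sum of entries must be 0.
    fn drift(&self) -> u64 {
        self.total_size - self.entries.values().sum::<u64>()
    }
}

// Fill the pool, evict every entry as conflicting, then try one more submit.
// Returns (was the new tx accepted, statistic drift, real entry count).
fn fill_then_conflict(fixed: bool) -> (bool, u64, usize) {
    let mut pool = Pool { entries: HashMap::new(), total_size: 0, max_size: 1_000, fixed };
    for id in 0..10 { assert!(pool.submit(id, 100)); }
    for id in 0..10 { pool.remove_conflict(id); }
    let accepted = pool.submit(99, 100);
    (accepted, pool.drift(), pool.entries.len())
}

fn main() {
    println!("buggy: {:?}", fill_then_conflict(false));
    println!("fixed: {:?}", fill_then_conflict(true));
}
```

In the buggy run the pool holds no transactions yet still rejects the new one, which is why a restart (rebuilding the statistic from zero) works as a workaround.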

Metadata

Created: 2024-02-03T00:29:02Z
Modified: 2024-02-03T00:29:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-h4c3-5275-vrmg/GHSA-h4c3-5275-vrmg.json
CWE IDs: []
Alternative ID: N/A
Finding: F113
Auto approve: 1