GHSA-j35p-q24r-5367 – ckb
Package
Manager: cargo
Name: ckb
Vulnerable Version: >=0 <0.43.1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: N/A (percentile: N/A)
Details
Dep Group Remote Memory Exhaustion (Denial of Service) in ckb

### Impact

A remote attacker could exploit this vulnerability to exhaust the ckb process memory of an affected node.

### Patches

Upgrade to 0.43.1 or later.

### References

After resolving the out points of one dep group, we put the corresponding content into a vec ( https://github.com/nervosnetwork/ckb/blob/v0.42.0/util/types/src/core/cell.rs#L600-L617 ). This is vulnerable to a memory DoS attack because there is no check for whether the out points are duplicated.

PoC:

```
before send dos tx rss: 105700
after rss: 2306932
```

DoS cost: 25.6 KB * 150 + dep_tx out_points capacity ( 36 * 150 * 100 = 540000 ) = 4380000 CKB

Send 50 dos_tx, memory exhausted: (25.6 KB * 150 * 100) * 50 = 19.2 GB
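The missing duplicate check described above, shown as an added example that is not ckb's code or its actual patch: resolving a dep group without and with a check for repeated out points. `OutPoint`, `resolve_unchecked`, `resolve_checked` and `sample_loader` are hypothetical simplified stand-ins, and rejecting the whole group on a repeat is an assumed policy.

```rust
use std::collections::HashSet;

// Simplified stand-in for an out point (tx hash + output index); not ckb's type.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
struct OutPoint { tx_hash: [u8; 32], index: u32 }

#[derive(Debug, PartialEq)]
enum ResolveError { Duplicate(OutPoint), Unknown(OutPoint) }

// Shape described in the advisory: every listed out point is loaded and pushed,
// so a group that repeats one out point N times holds N copies of its data.
fn resolve_unchecked<F>(group: &[OutPoint], load: F) -> Result<Vec<Vec<u8>>, ResolveError>
where F: Fn(&OutPoint) -> Option<Vec<u8>> {
    group.iter().map(|op| load(op).ok_or(ResolveError::Unknown(*op))).collect()
}

// Hardened form (assumed policy): reject the group on the first repeated out
// point, before its data is loaded again.
fn resolve_checked<F>(group: &[OutPoint], load: F) -> Result<Vec<Vec<u8>>, ResolveError>
where F: Fn(&OutPoint) -> Option<Vec<u8>> {
    let mut seen = HashSet::with_capacity(group.len());
    let mut cells = Vec::with_capacity(group.len());
    for op in group {
        if !seen.insert(*op) {
            return Err(ResolveError::Duplicate(*op));
        }
        cells.push(load(op).ok_or(ResolveError::Unknown(*op))?);
    }
    Ok(cells)
}

// Total bytes held by the resolved cells.
fn resolved_bytes(cells: &[Vec<u8>]) -> usize { cells.iter().map(Vec::len).sum() }

// Constructed sample: one 25,600-byte cell, as in the advisory's 25.6 KB figure.
fn sample_loader(op: &OutPoint) -> Option<Vec<u8>> {
    (op.tx_hash == [1u8; 32] && op.index == 0).then(|| vec![0u8; 25_600])
}

fn main() {
    let cell = OutPoint { tx_hash: [1u8; 32], index: 0 };
    let group = vec![cell; 150]; // constructed: same out point listed 150 times
    let unchecked = resolve_unchecked(&group, sample_loader).unwrap();
    println!("unchecked: {} bytes resolved", resolved_bytes(&unchecked));
    println!("checked:   {:?}", resolve_checked(&group, sample_loader).map(|c| c.len()));
}
```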
Metadata
Created: 2022-04-22T20:23:04Z
Modified: 2022-04-22T20:23:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-j35p-q24r-5367/GHSA-j35p-q24r-5367.json
CWE IDs: []
Alternative ID: N/A
Finding: F002
Auto approve: 1