Memory over-allocation in evm crate
Moderate severity
GitHub Reviewed
Published
May 11, 2021
in
rust-ethereum/evm
•
Updated Jan 30, 2024
Description
Published by the National Vulnerability Database
May 12, 2021
Published to the GitHub Advisory Database
Jan 30, 2024
Reviewed
Jan 30, 2024
Last updated
Jan 30, 2024
Impact
Prior to the patch, when executing specific EVM opcodes related to memory operations that use
evm_core::Memory::copy_large
, the crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack.Patches
The flaw was corrected in commit
19ade85
. Users should upgrade to==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, >=0.26.1
.Workarounds
None. Please upgrade your
evm
crate versionReferences
Fix commit: rust-ethereum/evm@19ade85
For more information
If you have any questions or comments about this advisory:
References