6.5
CVE-2021-29511
- EPSS 0.38%
- Published 12.05.2021 18:15:08
- Last modified 21.11.2024 06:01:16
- Source security-advisories@github.com
evm is a pure Rust implementation of the Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the `evm` crate can over-allocate memory when it is not needed, making it possible for an attacker to perform a denial-of-service attack. The flaw was corrected in commit `19ade85`. Users should upgrade to `==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, >=0.26.1`. There are no workarounds. Please upgrade your `evm` crate version.
Data provided by the National Vulnerability Database (NVD)
- Evm Project ≫ Evm, version <= 0.21.0, software platform: rust
- Evm Project ≫ Evm, version 0.22.0, software platform: rust
- Evm Project ≫ Evm, version 0.23.0, software platform: rust
- Evm Project ≫ Evm, version 0.24.0, software platform: rust
- Evm Project ≫ Evm, version 0.25.0, software platform: rust
- Evm Project ≫ Evm, version 0.26.0, software platform: rust
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.562 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd@nist.gov | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| security-advisories@github.com | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.