- Description
- evm is a pure Rust implementation of the Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the `evm` crate could over-allocate memory when it was not needed, making it possible for an attacker to perform a denial-of-service attack. The flaw was corrected in commit `19ade85`. Users should upgrade to `==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, >=0.26.1`. There are no workarounds. Please upgrade your `evm` crate version.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:N/A:P
- Hype score
- Not currently trending
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:evm_project:evm:*:*:*:*:*:rust:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC526576-249B-4C0E-AAF0-85614F8F42E1",
            "versionEndIncluding": "0.21.0"
          },
          {
            "criteria": "cpe:2.3:a:evm_project:evm:0.22.0:*:*:*:*:rust:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F18F86B1-8BED-4A6E-91A9-BB77819A3A6C"
          },
          {
            "criteria": "cpe:2.3:a:evm_project:evm:0.23.0:*:*:*:*:rust:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07E8CA2D-3CF8-4069-9F3F-D9CB0E6FB182"
          },
          {
            "criteria": "cpe:2.3:a:evm_project:evm:0.24.0:*:*:*:*:rust:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E70A1FF9-F6EE-486B-9E91-A6548E624A02"
          },
          {
            "criteria": "cpe:2.3:a:evm_project:evm:0.25.0:*:*:*:*:rust:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D49607D-993F-44D7-A144-68B4939B6B2D"
          },
          {
            "criteria": "cpe:2.3:a:evm_project:evm:0.26.0:*:*:*:*:rust:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C81A330-9BAF-4CC7-BA5C-69164C4A6189"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]