CVE-2021-29511
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
12/05/2021
Last modified:
25/10/2022
Description
evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the `evm` crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. The flaw was corrected in commit `19ade85`. Users should upgrade to `==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, >=0.26.1`. There are no workarounds. Please upgrade your `evm` crate version.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:evm_project:evm:*:*:*:*:*:rust:*:* | 0.21.0 (including) | |
| cpe:2.3:a:evm_project:evm:0.22.0:*:*:*:*:rust:*:* | ||
| cpe:2.3:a:evm_project:evm:0.23.0:*:*:*:*:rust:*:* | ||
| cpe:2.3:a:evm_project:evm:0.24.0:*:*:*:*:rust:*:* | ||
| cpe:2.3:a:evm_project:evm:0.25.0:*:*:*:*:rust:*:* | ||
| cpe:2.3:a:evm_project:evm:0.26.0:*:*:*:*:rust:*:* |
To consult the complete list of CPE names with products and versions, see this page