Lucene search

GitHub Advisory DatabaseGHSA-CW98-CX2M-9QQG

HistoryJan 06, 2022 - 10:10 p.m.

Denial of Service in ckb

2022-01-0622:10:08

CWE-400

GitHub Advisory Database

github.com

denial of service

ckb crate

rust

nervos ckb blockchain node

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

43.7%

JSON

An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup.

Affected configurations

Vulners

Node

ckbRange<0.40.0

VendorProductVersionCPE
*ckb*cpe:2.3:a:*:ckb:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	ckb	*	cpe:2.3:a::ckb::::::::*

References

github.com/advisories/GHSA-cw98-cx2m-9qqg

github.com/nervosnetwork/ckb/security/advisories/GHSA-45p7-c959-rgcm

nvd.nist.gov/vuln/detail/CVE-2021-45700

raw.githubusercontent.com/rustsec/advisory-db/main/crates/ckb/RUSTSEC-2021-0109.md

rustsec.org/advisories/RUSTSEC-2021-0109.html

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

43.7%

JSON

Related for GHSA-CW98-CX2M-9QQG