Lucene search

[email protected]NVD:CVE-2021-45700

HistoryDec 27, 2021 - 12:15 a.m.

CVE-2021-45700

2021-12-2700:15:09

[email protected]

web.nvd.nist.gov

denial of service

ckb crate

rust

nervos ckb blockchain node crash

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

43.7%

JSON

An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup.

Affected configurations

Nvd

Node

nervosckbRange<0.40.0rust

VendorProductVersionCPE
nervosckb*cpe:2.3:a:nervos:ckb:*:*:*:*:*:rust:*:*

Vendor	Product	Version	CPE
nervos	ckb	*	cpe:2.3:a:nervos:ckb::::::rust::*

References

raw.githubusercontent.com/rustsec/advisory-db/main/crates/ckb/RUSTSEC-2021-0109.md

rustsec.org/advisories/RUSTSEC-2021-0109.html

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

43.7%

JSON

Related for NVD:CVE-2021-45700

rustsec1 osv3 cnvd1 cve1 prion1 github1 cvelist1