Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:RUSTSEC-2021-0108
HistoryJul 25, 2021 - 12:00 p.m.

Remote memory exhaustion in ckb

2021-07-2512:00:00
Google
osv.dev
6
ckb
syncstate
hashmap
misbehavior
sessionid
integer
denial of service
51% attack

EPSS

0.002

Percentile

59.2%

JSON

In the ckb sync protocol, SyncState maintains a HashMap called ‘misbehavior’ that keeps a score of a peer’s violations of the protocol. This HashMap is keyed to PeerIndex (an alias for SessionId), and entries are never removed from it. SessionId is an integer that increases monotonically with every new connection.

A remote attacker can manipulate this HashMap to grow forever, resulting in degraded performance and ultimately a panic on allocation failure or being killed by the OS, depending on the platform.

This is a critical severity security bug. It could be exploited to create a targeted or network-wide denial of service, to reduce the hash power of the network as part of a 51% attack, and perhaps in other creative ways.

Related

nvd 1
rustsec 1
cvelist 1
github 1
osv 2
cnvd 1
prion 1
cve 1
nvd
nvd
CVE-2021-45699
2021-12-27 00:15:09
rustsec
rustsec
Remote memory exhaustion in ckb
2021-07-25 12:00:00
cvelist
cvelist
CVE-2021-45699
2021-12-26 21:49:25
github
github
Allocation of Resources Without Limits or Throttling in ckb
2022-01-06 22:09:49
osv
osv
Allocation of Resources Without Limits or Throttling in ckb
2022-01-06 22:09:49
Remote memory exhaustion in ckb
2021-08-25 21:01:23
cnvd
cnvd
Mozilla Rust Denial of Service Vulnerability (CNVD-2022-04515)
2021-12-28 00:00:00
prion
prion
Design/Logic Flaw
2021-12-27 00:15:00
cve
cve
CVE-2021-45699
2021-12-27 00:15:09

EPSS

0.002

Percentile

59.2%

JSON
Related for OSV:RUSTSEC-2021-0108
nvd1rustsec1cvelist1github1osv2cnvd1prion1cve1