openzeppelin_cairo_contracts is vulnerable to denial of service. The vulnerability exists in the execute function in library.cairo due to an incorrect reference in the ecdsa_ptr pointer, which allows an attacker to cause an application crash.
github.com/advisories/GHSA-8mjr-jr5h-q2xr
github.com/OpenZeppelin/cairo-contracts/blob/release-0.2.0/src/openzeppelin/account/library.cairo#L203
github.com/OpenZeppelin/cairo-contracts/commit/2cd60279c3332285d47edf9ee3888b71257acdc9
github.com/OpenZeppelin/cairo-contracts/commit/c2007df15001a411740376efb1b2b78df98e59d8
github.com/OpenZeppelin/cairo-contracts/issues/386
github.com/OpenZeppelin/cairo-contracts/pull/387
github.com/OpenZeppelin/cairo-contracts/releases/tag/v0.2.1
github.com/OpenZeppelin/cairo-contracts/security/advisories/GHSA-8mjr-jr5h-q2xr