PT-2021-24274 · Ckb · Ckb

Published 2021-07-25 · Updated 2022-07-12 · CVE-2021-45700

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: ckb crate versions prior to 0.40.0
Description: The issue allows attackers to cause a denial of service, specifically a Nervos CKB blockchain node crash, by using a dead cell as a DepGroup. It is possible to create a malicious transaction that uses the dead cell as the DepGroup in the DepCells, which can then crash all the receiving nodes.
Recommendations: For versions prior to 0.40.0, update to version 0.40.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of dead cells as DepGroups in transactions to minimize the risk of node crashes.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2021-45700
GHSA-45P7-C959-RGCM
GHSA-CW98-CX2M-9QQG
RUSTSEC-2021-0109

Affected Products

Ckb