PT-2022-28255 · Ckb · Ckb

Published 2022-04-22 · Updated 2022-04-22

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: ckb versions prior to 0.43.1

Description: A remote attacker could exploit this issue to exhaust the ckb process memory of an affected node. The vulnerability is a memory denial-of-service (DoS) issue caused by the node not checking whether the out points in a transaction are duplicated. This allows an attacker to send malicious transactions that cause significant memory usage, potentially leading to memory exhaustion. For example, sending 50 malicious transactions could result in memory usage of up to 19.2 GB.

Recommendations: Upgrade to version 0.43.1 or later to resolve the issue. As a temporary workaround, consider restricting the capacity of dep tx out points to minimize the risk of exploitation. Avoid sending transactions that could potentially cause memory exhaustion until the issue is resolved.
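The following Rust example is added here to illustrate the defect class the description and the workaround refer to; it is not ckb's own code and does not use ckb's types. It models a transaction whose dependency list may repeat the same out point, shows how resolving every listed entry lets memory grow with the number of entries rather than the number of distinct cells, and then shows the two defensive checks the advisory points at: rejecting duplicate out points and capping the number of dep out points before any resolution happens. The `OutPoint`, `Transaction`, `VerifyError` and `CELL_DATA_SIZE` names, and the 1 KiB per-cell cost, are assumptions made for this example.

```rust
use std::collections::HashSet;

/// Hypothetical out point: identifies a cell by the hash of the transaction
/// that created it and its output index. Modelled on the concept the advisory
/// describes, not on ckb's actual types.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct OutPoint {
    pub tx_hash: [u8; 32],
    pub index: u32,
}

/// Hypothetical transaction carrying only the field relevant here: the
/// dependency out points (the "dep tx out points" the advisory refers to).
#[derive(Clone, Debug)]
pub struct Transaction {
    pub cell_deps: Vec<OutPoint>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum VerifyError {
    DuplicateDep(OutPoint),
    TooManyDeps { count: usize, limit: usize },
}

/// Constructed stand-in for the cell data a node loads when it resolves a dep.
/// Each resolved dep costs `CELL_DATA_SIZE` bytes of heap in this model.
pub const CELL_DATA_SIZE: usize = 1024;

/// Unchecked resolution: every listed dep, duplicate or not, is resolved and
/// kept in memory. Memory grows with the number of entries, not the number of
/// distinct cells, which is the amplification the advisory describes.
pub fn resolve_deps_unchecked(tx: &Transaction) -> Vec<Vec<u8>> {
    tx.cell_deps.iter().map(|_| vec![0u8; CELL_DATA_SIZE]).collect()
}

/// Hardened form: reject duplicates and enforce a cap on the number of deps
/// before anything is resolved, so a malformed transaction costs nothing.
pub fn verify_deps(tx: &Transaction, max_deps: usize) -> Result<(), VerifyError> {
    if tx.cell_deps.len() > max_deps {
        return Err(VerifyError::TooManyDeps { count: tx.cell_deps.len(), limit: max_deps });
    }
    let mut seen = HashSet::with_capacity(tx.cell_deps.len());
    for dep in &tx.cell_deps {
        // `insert` returns false when the out point was already present.
        if !seen.insert(dep) {
            return Err(VerifyError::DuplicateDep(dep.clone()));
        }
    }
    Ok(())
}

/// Resolve only after verification; returns the number of bytes that would be
/// held for the transaction's deps.
pub fn resolve_deps_checked(tx: &Transaction, max_deps: usize) -> Result<usize, VerifyError> {
    verify_deps(tx, max_deps)?;
    Ok(resolve_deps_unchecked(tx).iter().map(Vec::len).sum())
}

/// Constructed sample: a single dep out point listed `copies` times.
pub fn tx_with_repeated_dep(copies: usize) -> Transaction {
    let dep = OutPoint { tx_hash: [0xab; 32], index: 0 };
    Transaction { cell_deps: vec![dep; copies] }
}

fn main() {
    let tx = tx_with_repeated_dep(10_000);
    let unchecked_bytes: usize = resolve_deps_unchecked(&tx).iter().map(Vec::len).sum();
    println!("unchecked: {} entries -> {} bytes held", tx.cell_deps.len(), unchecked_bytes);
    println!("checked (cap 1000): {:?}", resolve_deps_checked(&tx, 1_000));
}
```

Running the check before resolution is the point: the duplicate and cap checks cost only a hash set over the dep list, whereas the unchecked path allocates per entry and is what an attacker-controlled transaction can drive. The cap corresponds to the advisory's temporary workaround of restricting dep tx out point capacity; the duplicate check corresponds to the missing determination the description names.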

Related Identifiers

GHSA-J35P-Q24R-5367

Affected Products

Ckb