CVE-2021-29511
12.05.2021, 18:15
evm is a pure Rust implementation of the Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the `evm` crate can over-allocate memory when it is not needed, making it possible for an attacker to perform a denial-of-service attack. The flaw was corrected in commit `19ade85`. Users should upgrade to `==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, >=0.26.1`. There are no workarounds; please upgrade your `evm` crate version.
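The following is an added illustration of the CWE-770 pattern the advisory describes, not the `evm` crate's own code: an EVM-style linear memory whose copy routine grows the backing buffer from attacker-controlled operands. The naive variant resizes to `memory_offset + len` before asking whether the copy does any work, so a zero-length copy with a huge offset still allocates. The hardened variant treats a zero-length copy as a no-op and checks the target range against a hard limit before any resize. The type and method names, the `u128` stand-in for `U256`, and the `limit` knob are assumptions; gas accounting is deliberately left out.

```rust
use std::cmp::min;

/// Stand-in for the interpreter's fatal exit type (assumed name).
#[derive(Debug, PartialEq)]
pub enum ExitFatal {
    NotSupported,
}

/// Minimal EVM-style linear memory. `limit` is an assumed hard cap on the
/// number of bytes one execution may allocate.
pub struct Memory {
    data: Vec<u8>,
    limit: usize,
}

impl Memory {
    pub fn new(limit: usize) -> Self {
        Memory { data: Vec::new(), limit }
    }

    pub fn len(&self) -> usize {
        self.data.len()
    }

    pub fn as_bytes(&self) -> &[u8] {
        &self.data
    }

    /// Vulnerable shape (CWE-770): the buffer is grown to `memory_offset + len`
    /// before checking whether the copy does any work or fits a limit. Operands
    /// of (huge memory offset, any data offset, len 0), as a CALLDATACOPY-style
    /// opcode could supply, therefore allocate `memory_offset` bytes for nothing.
    pub fn copy_large_naive(
        &mut self,
        memory_offset: u128,
        data_offset: u128,
        len: u128,
        data: &[u8],
    ) -> Result<(), ExitFatal> {
        let end = memory_offset
            .checked_add(len)
            .filter(|e| *e <= usize::MAX as u128)
            .ok_or(ExitFatal::NotSupported)? as usize;
        if self.data.len() < end {
            self.data.resize(end, 0); // allocation happens unconditionally
        }
        let src = slice_from(data, data_offset, len);
        write_padded(&mut self.data[memory_offset as usize..end], src);
        Ok(())
    }

    /// Hardened shape: a zero-length copy is a no-op regardless of offsets, and
    /// the target range is validated against `limit` before any resize.
    pub fn copy_large(
        &mut self,
        memory_offset: u128,
        data_offset: u128,
        len: u128,
        data: &[u8],
    ) -> Result<(), ExitFatal> {
        if len == 0 {
            return Ok(());
        }
        let end = memory_offset
            .checked_add(len)
            .filter(|e| *e <= self.limit as u128)
            .ok_or(ExitFatal::NotSupported)? as usize;
        if self.data.len() < end {
            self.data.resize(end, 0);
        }
        let src = slice_from(data, data_offset, len);
        write_padded(&mut self.data[memory_offset as usize..end], src);
        Ok(())
    }
}

/// Source bytes for the copy: an out-of-range `data_offset` yields an empty
/// slice, and the slice is truncated at the end of `data` (the remainder of
/// the destination is zero-filled, as EVM copy opcodes require).
fn slice_from(data: &[u8], data_offset: u128, len: u128) -> &[u8] {
    if data_offset >= data.len() as u128 {
        return &[];
    }
    let start = data_offset as usize;
    let end = min(data_offset.saturating_add(len), data.len() as u128) as usize;
    &data[start..end]
}

/// Copy `src` into `dst` and zero-fill whatever `src` does not cover.
fn write_padded(dst: &mut [u8], src: &[u8]) {
    let n = min(src.len(), dst.len());
    dst[..n].copy_from_slice(&src[..n]);
    for b in &mut dst[n..] {
        *b = 0;
    }
}
```

With a 16 MiB `memory_offset` and `len == 0`, `copy_large_naive` grows the buffer to 16 MiB while `copy_large` leaves it empty; a non-zero length past `limit` is refused before anything is allocated. In a real interpreter the limit check is complemented by memory-expansion gas, which is what makes such allocations economically bounded for the caller.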
Vulnerable software versions

Vendor | Product | Version
---|---|---
evm_project | evm | ≤ 0.21.0
evm_project | evm | 0.22.0
evm_project | evm | 0.23.0
evm_project | evm | 0.24.0
evm_project | evm | 0.25.0
evm_project | evm | 0.26.0
Common Weakness Enumeration
- CWE-770 - Allocation of Resources Without Limits or Throttling: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
- CWE-787 - Out-of-bounds Write: The software writes data past the end, or before the beginning, of the intended buffer.