CVE-2021-29511

Summary

evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use evm_core::Memory::copy_large, the evm crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. The flaw was corrected in commit 19ade85. Users should upgrade to ==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, >=0.26.1. There are no workarounds. Please upgrade your evm crate version.

Affected Software

VendorProductVersion RangeStatus
rust-blockchainevm< 0.21.1affected
rust-blockchainevm= 0.22.0affected
rust-blockchainevm= 0.23.0affected
rust-blockchainevm= 0.24.0affected
rust-blockchainevm= 0.25.0affected

Weaknesses

  • CWE-770: {"CWE-770":"Allocation of Resources Without Limits or Throttling"}

ADP Enrichment

CVE Program Container

Additional References

References