MEDIUM🇵🇱 Wersja polska

CVE-2021-29511

CVSS 6.5v3.1pub. 2021-05-12upd. 2024-11-21

evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the `evm` crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. The flaw was corrected in commit `19ade85`. Users should upgrade to `==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, >=0.26.1`. There are no workarounds. Please upgrade your `evm` crate version.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Evm Project Evm

    APP
    Evm Project
    0.22.00.23.00.24.00.25.00.26.0≤ 0.21.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-41153HIGH8.7ten sam produkt

The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` op...

CVE-2024-21629MEDIUM5.9ten sam produkt

Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operatio...

CVE-2022-39354MEDIUM5.9ten sam produkt

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile...