Headline
CVE-2021-29511: Skip setting memory value if the value vec is empty · rust-blockchain/evm@19ade85
`evm` is a pure Rust implementation of the Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the `evm` crate can over-allocate memory when it is not needed, making it possible for an attacker to perform a denial-of-service attack. The flaw was corrected in commit `19ade85`. Users should upgrade to `==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, >=0.26.1`. There are no workarounds. Please upgrade your `evm` crate version.
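The bug class named in the commit title, as an added example (not code from the `evm` crate or its maintainers): a simplified grow-on-write memory where an empty write at a large offset still resizes the buffer, next to the variant that skips empty values. `ToyMemory`, `set_unpatched` and `set_patched` are hypothetical names, and the assumption is that the over-allocation came from resizing before checking whether there was anything to write.

```rust
// Simplified model of a byte-addressed, grow-on-write memory.
// ToyMemory and its methods are hypothetical names, not the evm crate's API.
pub struct ToyMemory {
    data: Vec<u8>,
    limit: usize,
}

impl ToyMemory {
    pub fn new(limit: usize) -> Self {
        ToyMemory { data: Vec::new(), limit }
    }

    /// Bytes currently backing the memory.
    pub fn allocated(&self) -> usize {
        self.data.len()
    }

    /// Modelled pre-patch pattern (assumption): grows the buffer to cover
    /// `offset` before looking at `value`, so an empty write still allocates.
    pub fn set_unpatched(&mut self, offset: usize, value: &[u8]) -> Result<(), &'static str> {
        let end = offset.checked_add(value.len()).ok_or("offset overflow")?;
        if end > self.limit {
            return Err("beyond memory limit");
        }
        if self.data.len() < end {
            self.data.resize(end, 0);
        }
        self.data[offset..end].copy_from_slice(value);
        Ok(())
    }

    /// Patched pattern: an empty value is a no-op, so nothing is allocated.
    pub fn set_patched(&mut self, offset: usize, value: &[u8]) -> Result<(), &'static str> {
        if value.is_empty() {
            return Ok(());
        }
        self.set_unpatched(offset, value)
    }
}

fn main() {
    let offset = 1 << 20; // constructed sample offset (1 MiB)
    let mut before = ToyMemory::new(usize::MAX);
    before.set_unpatched(offset, &[]).unwrap();
    let mut after = ToyMemory::new(usize::MAX);
    after.set_patched(offset, &[]).unwrap();
    println!("unpatched: {} bytes, patched: {} bytes", before.allocated(), after.allocated());
}
```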
Related news
### Impact

Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the crate can over-allocate memory when it is not needed, making it possible for an attacker to perform a denial-of-service attack.

### Patches

The flaw was corrected in commit `19ade85`. Users should upgrade to `==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, >=0.26.1`.

### Workarounds

None. Please upgrade your `evm` crate version.

### References

Fix commit: https://github.com/rust-blockchain/evm/commit/19ade858c430ab13eb562764a870ac9f8506f8dd

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [evm repo](https://github.com/rust-blockchain/evm)
* Email [Wei](mailto:[email protected])