Headline
CVE-2021-45700: Process crashes when the cell used as DepGroup is not alive › RustSec Advisory Database
An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup.
History ⋅ Edit
RUSTSEC-2021-0109
Process crashes when the cell used as DepGroup is not alive
Issued
July 25, 2021
Package
ckb (crates.io)
Type
Vulnerability
Aliases
- GHSA-45p7-c959-rgcm
Details
https://github.com/nervosnetwork/ckb/security/advisories/GHSA-45p7-c959-rgcm
Patched
>=0.40.0
Description
It’s easy to create a malign transaction which uses the dead cell as the DepGroup in the DepCells. The transaction can crash all the receiving nodes.