Skip to content

Process crashes when the cell used as DepGroup is not alive

Critical severity GitHub Reviewed Published Jul 26, 2021 in nervosnetwork/ckb • Updated Jan 11, 2023

Package

cargo ckb (Rust)

Affected versions

< 0.40.0

Patched versions

0.40.0

Description

Impact

It's easy to create a malign transaction which uses the dead cell as the DepGroup in the DepCells. The transaction can crash all the receiving nodes.

References

@doitian doitian published to nervosnetwork/ckb Jul 26, 2021
Reviewed Aug 2, 2021
Published to the GitHub Advisory Database Aug 25, 2021
Last updated Jan 11, 2023

Severity

Critical

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-45p7-c959-rgcm

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.