{"id":"CVE-2021-29511","details":"evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the `evm` crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. The flaw was corrected in commit `19ade85`. Users should upgrade to `==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, \u003e=0.26.1`. There are no workarounds. Please upgrade your `evm` crate version.","aliases":["GHSA-4jwq-572w-4388"],"modified":"2026-03-13T22:15:23.809592Z","published":"2021-05-12T18:15:08.527Z","related":["GHSA-4jwq-572w-4388"],"references":[{"type":"ADVISORY","url":"https://crates.io/crates/evm"},{"type":"FIX","url":"https://github.com/rust-blockchain/evm/commit/19ade858c430ab13eb562764a870ac9f8506f8dd"},{"type":"FIX","url":"https://github.com/rust-blockchain/evm/security/advisories/GHSA-4jwq-572w-4388"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rust-ethereum/evm","events":[{"introduced":"0"},{"fixed":"19ade858c430ab13eb562764a870ac9f8506f8dd"}]},{"type":"GIT","repo":"https://github.com/rust-ethereum/evm","events":[{"introduced":"0"},{"fixed":"19ade858c430ab13eb562764a870ac9f8506f8dd"}]}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.21.0"}]},{"events":[{"introduced":"0"},{"last_affected":"0.22.0"}]},{"events":[{"introduced":"0"},{"last_affected":"0.23.0"}]},{"events":[{"introduced":"0"},{"last_affected":"0.24.0"}]},{"events":[{"introduced":"0"},{"last_affected":"0.25.0"}]},{"events":[{"introduced":"0"},{"last_affected":"0.26.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29511.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}