{"id":"GHSA-9mfc-chwf-7whf","summary":"ckb: Large dep group requires a lot of resources to process but the cost to commit the transaction is very low.","details":"### Impact\n\nWhen a transaction contains a dep group with many cells, the resources required to process it are not linear to the transaction size nor spent script cycles. \n\n### Patches\n\nIn 0.43.3, nodes drop the transactions relayed to them when they contain a dep group with more than 64 cells. They do not ban peers who send them such transactions.\n\nIn 0.100, the consensus disallow transactions using a dep group with more than 64 cells. Peers relaying such transaction must be banned. Blocks committing such transactions must be rejected.\n","modified":"2022-11-02T18:14:01Z","published":"2022-11-02T18:14:01Z","database_specific":{"github_reviewed":true,"severity":"MODERATE","cwe_ids":[],"nvd_published_at":null,"github_reviewed_at":"2022-11-02T18:14:01Z"},"references":[{"type":"WEB","url":"https://github.com/nervosnetwork/ckb/security/advisories/GHSA-9mfc-chwf-7whf"},{"type":"PACKAGE","url":"https://github.com/nervosnetwork/ckb"}],"affected":[{"package":{"name":"ckb","ecosystem":"crates.io","purl":"pkg:cargo/ckb"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.43.3"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-9mfc-chwf-7whf/GHSA-9mfc-chwf-7whf.json"}}],"schema_version":"1.7.3"}