{"id":"RUSTSEC-2021-0066","summary":"Denial of service on EVM execution due to memory over-allocation","details":"Prior to the patch, when executing specific EVM opcodes related\nto memory operations that use `evm_core::Memory::copy_large`, the\ncrate can over-allocate memory when it is not needed, making it\npossible for an attacker to perform denial-of-service attack.\n\nThe flaw was corrected in commit `19ade85`.","aliases":["GHSA-773q-5334-5gf9"],"modified":"2023-11-08T04:16:40.750878Z","published":"2021-05-11T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/evm-core"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2021-0066.html"},{"type":"WEB","url":"https://github.com/rust-blockchain/evm"}],"affected":[{"package":{"name":"evm-core","ecosystem":"crates.io","purl":"pkg:cargo/evm-core"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.21.1"},{"introduced":"0.22.0-0"},{"fixed":"0.23.1"},{"introduced":"0.24.0-0"},{"fixed":"0.24.1"},{"introduced":"0.25.0-0"},{"fixed":"0.25.1"},{"introduced":"0.26.0-0"},{"fixed":"0.26.1"}]}],"ecosystem_specific":{"affects":{"functions":[],"os":[],"arch":[]},"affected_functions":null},"database_specific":{"informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0066.json","cvss":null,"categories":["denial-of-service"]}}],"schema_version":"1.7.3"}