GHSA-3GJH-29FV-8HR6
Vulnerability from github – Published: 2024-02-03 00:18 – Updated: 2024-02-03 00:18
VLAI
Summary
Nervos CKB Snappy decompress length can be very large and causes out of memory error
Details
Impact
Adversary can create message which compressed size is less than the package limit but the decompressed length is very large such as 1G. It will cost the node many memories to process the network messages, and on the system with less than 1G memory, the process is killed directly because of out of memory error.
Patches
The node must check the decompress length before allocating the memory for the message.
References
- https://github.com/nervosnetwork/ckb/blob/687d797f1888dd05d1f38ce6d1bef3e5b9b6e38b/network/src/compress.rs#L68
- https://github.com/BurntSushi/rust-snappy/blob/master/src/decompress.rs#L106
- https://github.com/BurntSushi/rust-snappy/blob/6cfb836463b9b3ac48ca7cd15d0a50d030e95769/src/decompress.rs#L30
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.34.1"
},
"package": {
"ecosystem": "crates.io",
"name": "ckb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.34.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [],
"github_reviewed": true,
"github_reviewed_at": "2024-02-03T00:18:10Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\n\nAdversary can create message which compressed size is less than the package limit but the decompressed length is very large such as 1G. It will cost the node many memories to process the network messages, and on the system with less than 1G memory, the process is killed directly because of out of memory error.\n\n### Patches\n\nThe node must check the decompress length before allocating the memory for the message.\n\n### References\n\n* https://github.com/nervosnetwork/ckb/blob/687d797f1888dd05d1f38ce6d1bef3e5b9b6e38b/network/src/compress.rs#L68\n* https://github.com/BurntSushi/rust-snappy/blob/master/src/decompress.rs#L106\n* https://github.com/BurntSushi/rust-snappy/blob/6cfb836463b9b3ac48ca7cd15d0a50d030e95769/src/decompress.rs#L30",
"id": "GHSA-3gjh-29fv-8hr6",
"modified": "2024-02-03T00:18:10Z",
"published": "2024-02-03T00:18:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nervosnetwork/ckb/security/advisories/GHSA-3gjh-29fv-8hr6"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Nervos CKB Snappy decompress length can be very large and causes out of memory error "
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…