evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the `evm` crate can over-allocate memory when it is not needed, making it possible for an malicious user to perform denial-of-service attack. The flaw was corrected in commit `19ade85`. Users should upgrade to `==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, >=0.26.1`. There are no workarounds. Please upgrade your `evm` crate version.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
evm project evm 0.22.0 |
||
evm project evm 0.23.0 |
||
evm project evm 0.24.0 |
||
evm project evm 0.25.0 |
||
evm project evm 0.26.0 |
||
evm project evm |