evm incorrect state transition

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

CVE-2022-39354

SputnikVM (evm) has a vulnerability where the is_static parameter in custom stateful precompiles could be incorrect prior to v0.36.0, incorrectly setting static context only for direct STATICCALL calls. This could lead to incorrect state transitions for affected precompiles. The patch is included...

Integer overflow in the bundled Brotli C library

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. An updated version of brotli-sys has not...

RUSTSEC-2021-0131 Integer overflow in the bundled Brotli C library

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. An updated version of brotli-sys has not...

CVE-2021-29511

evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use evmcore::Memory::copylarge, the evm crate can over-allocate memory when it is not needed, making it possible for an attacker to perform...

PT-2020-5809 · Google +8 · Brotli Library +8

Name of the Vulnerable Software and Affected Versions: Brotli library versions prior to 1.0.8 Description: A buffer overflow exists in the Brotli library where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copyin...