CVE-2024-7884

When a canister method is called via iccdk::call , a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked and stored in a struct called CallFutureState. A bug in the polling implementation of the CallFuture...

PT-2024-38658 · Ic Cdk · Ic Cdk

Name of the Vulnerable Software and Affected Versions: ic cdk versions 0.8.0 through 0.15.0 Description: A bug in the polling implementation of the CallFuture allows multiple references to be held for the internal state and not all references were dropped before the Future is resolved, causing a...