EUVD-2021-2242

Malware in sbrugna...

Memory over-allocation in evm crate

Impact Prior to the patch, when executing specific EVM opcodes related to memory operations that use evmcore::Memory::copylarge, the crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. Patches The flaw was corrected in comm...

GHSA-4JWQ-572W-4388 Memory over-allocation in evm crate

Impact Prior to the patch, when executing specific EVM opcodes related to memory operations that use evmcore::Memory::copylarge, the crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. Patches The flaw was corrected in comm...

Always-Incorrect Control Flow Implementation

Overview evm is a SputnikVM: Rust Ethereum Virtual Machine Implementation. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation as the opcode's condition is checked after the destination validity check, while according to Geth and OpenEthereum, the...

Specification non-compliance in JUMPI

Impact In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Patches This is a high severity security advisory if you use evm crate for...

CVE-2021-41153

The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...

CVE-2021-41153

The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...

CVE-2021-41153 Specification non-compliance in JUMPI

The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...

evm crate 安全漏洞

evm crate is a Rust Ethereum virtual machine implementation. A security vulnerability exists in evm crate that stems from a condition in evm crate where the JUMPI opcode is checked after a destination validity check...

CVE-2021-29511

CVE-2021-29511 affects the Rust EVM implementation (evm crate). Before the patch in commit 19ade85, certain memory-opcodes using memory::copy_large could cause memory over-allocation, enabling a denial-of-service. Remediation: upgrade evm to >=0.26.1, or to specific newer releases (0.21.1, 0.2...

CVE-2021-29511 Memory over-allocation in evm crate

evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use evmcore::Memory::copylarge, the evm crate can over-allocate memory when it is not needed, making it possible for an attacker to perform...