CVE-2021-41153

The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...

CVE-2021-41153 Specification non-compliance in JUMPI

The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...

GHSA-VJ62-G63V-F8MF Validity check missing in Frontier

Impact In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of this to put invalid transactions into a block...

CVE-2021-41138

Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of...

Input validation

Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of...

CVE-2021-41138

CVE-2021-41138 concerns Frontier, Substrate’s Ethereum compatibility layer. A signed Frontier-specific extrinsic for pallet-ethereum caused many validation checks to run only during transaction pool validation, not during block execution, allowing malicious validators to include invalid transacti...

CVE-2021-41138 Validity check for signed Frontier-specific extrinsic not called in block execution

Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of...

CVE-2021-39193

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in pallet-ethereum can cause invalid transactions to be included in the Ethereum block state in pallet-ethereum due to not validating the input data size. Any invalid...

CVE-2021-39193

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in pallet-ethereum can cause invalid transactions to be included in the Ethereum block state in pallet-ethereum due to not validating the input data size. Any invalid...

Input validation

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in pallet-ethereum can cause invalid transactions to be included in the Ethereum block state in pallet-ethereum due to not validating the input data size. Any invalid...

CVE-2021-39193

CVE-2021-39193 concerns Frontier’s Ethereum compatibility layer (Frontier) and specifically a bug in the Substrate pallet-ethereum. Before commit 0b962f218f0cdd796dadfe26c3f09e68f7861b26, input data size validation was faulty, which could allow invalid transactions to be included in the Ethereum ...

CVE-2021-39193 Transaction validity oversight in pallet-ethereum

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in pallet-ethereum can cause invalid transactions to be included in the Ethereum block state in pallet-ethereum due to not validating the input data size. Any invalid...

Github Frontier 输入验证错误漏洞

Github Frontier is an ethereum-compatible layer for Substrate. It allows you to run unmodified Ether dapps. An input validation error vulnerability exists in Frontier, which stems from the program failing to validate the size of input data, and an error in "pallet-ethereum" could result in an...

Transaction validity oversight in pallet-ethereum

Impact A bug in pallet-ethereum can cause invalid transactions to be included in the Ethereum block state in pallet-ethereum due to not validating the input data size. Any invalid transactions included this way have no possibility to alter the internal Ethereum or Substrate state. The transaction...

vade (>=0.1.0 <=0.1.1), vade-evan (=0.3.0) +4 more potentially affected by CVE-2021-38191 via tokio (=1.7.1)

tokio CARGO version =1.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on tokio and may be impacted: - vade =0.1.0, =0.1.3, =0.2.0 - vade-sidetree =0.0.3 - vade-signer =0.0.1 - vade-universal-resolver =0.0.4 Source cves: CVE-2021-38191 Source advisory...

Google Researchers Discover A New Variant of Rowhammer Attack

A team of security researchers from Google has demonstrated yet another variant of the Rowhammer vulnerability that targets increasingly smaller DRAM chips to bypass all current mitigations, making it a persistent threat to chip security. Dubbed "Half-Double," the new hammering technique hinges o...

Mouse Framework - An iOS And macOS Post Exploitation Surveillance Framework That Gives You A Command Line Session With Extra Functionality Between You And A Target Machine Using Only A Simple Mouse Payload

About Mouse Framework Mouse Framework is an iOS and macOS post exploitation surveillance framework that gives you a command line session with extra functionality between you and a target machine using only a simple Mouse Payload. Mouse gives you the power and convenience of uploading and...

Cydia Substrate - Exported components, External URLs, Possible privilege escalation vulnerabilities

HackApp vulnerability scanner discovered that application Cydia Substrate published at the 'play' market has multiple vulnerabilities...

AdThief iOS Malware Affecting 75K Jailbroken Devices

A relatively new form of malware on iOS is estimated to have stolen revenue from 22 million ads and infected upwards to 75,000 devices so far. The malware, iOS/AdThief, was first identified back in March but wasn’t fully articulated until Axelle Aprville, a researcher with Fortinet, looked into t...

'AdThief' Chinese Malware Infects Over 75,000 Jailbroken iOS devices

If you have jailbroken your iPhone, iPad, or iPod touch and have downloaded pirated tweaks from pirated repositories, then you may be infected by “AdThief” malware, a Chinese malware that is now installed on more than 75,000 iPhone devices. According to a recent research paper published on Virus...