- Reported
-
- Issued
-
- Package
-
evm-core
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Aliases
-
- References
-
- Patched
-
>=0.26.1^0.25.1^0.24.1^0.23.1^0.21.1
Description
Prior to the patch, when executing specific EVM opcodes related
to memory operations that use evm_core::Memory::copy_large, the
crate can over-allocate memory when it is not needed, making it
possible for an attacker to perform denial-of-service attack.
The flaw was corrected in commit 19ade85.
Advisory available under CC0-1.0
license.