Reported

July 25, 2021

Issued

September 10, 2021 (last modified: June 13, 2023)

Package

ckb (crates.io)

Type

Vulnerability

Aliases

• CVE-2021-45700
• GHSA-45p7-c959-rgcm
• GHSA-cw98-cx2m-9qqg

References

• https://github.com/nervosnetwork/ckb/security/advisories/GHSA-45p7-c959-rgcm

Patched

• >=0.40.0

Description

It's easy to create a malign transaction which uses the dead cell as the DepGroup in the DepCells. The transaction can crash all the receiving nodes.

Advisory available under CC0-1.0 license.