HistoryEdit

RUSTSEC-2021-0109

Process crashes when the cell used as DepGroup is not alive

Reported
Issued
Package
ckb (crates.io)
Type
Vulnerability
Aliases
Details
https://github.com/nervosnetwork/ckb/security/advisories/GHSA-45p7-c959-rgcm
Patched
  • >=0.40.0

Description

It's easy to create a malign transaction which uses the dead cell as the DepGroup in the DepCells. The transaction can crash all the receiving nodes.