VYPR
Moderate severityNVD Advisory· Published May 12, 2021· Updated Aug 3, 2024

Memory over-allocation in evm crate

CVE-2021-29511

Description

evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use evm_core::Memory::copy_large, the evm crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. The flaw was corrected in commit 19ade85. Users should upgrade to ==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, >=0.26.1. There are no workarounds. Please upgrade your evm crate version.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
evmcrates.io
< 0.21.10.21.1
evm-corecrates.io
< 0.21.10.21.1
evmcrates.io
>= 0.22.0, < 0.22.10.22.1
evmcrates.io
>= 0.23.0, < 0.23.10.23.1
evmcrates.io
>= 0.24.0, < 0.24.10.24.1
evmcrates.io
>= 0.25.0, < 0.25.10.25.1
evmcrates.io
>= 0.26.0, < 0.26.10.26.1
evm-corecrates.io
>= 0.22.0, < 0.22.10.22.1
evm-corecrates.io
>= 0.23.0, < 0.23.10.23.1
evm-corecrates.io
>= 0.24.0, < 0.24.10.24.1
evm-corecrates.io
>= 0.25.0, < 0.25.10.25.1
evm-corecrates.io
>= 0.26.0, < 0.26.10.26.1

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.