Moderate severityNVD Advisory· Published May 12, 2021· Updated Aug 3, 2024
Memory over-allocation in evm crate
CVE-2021-29511
Description
evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use evm_core::Memory::copy_large, the evm crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. The flaw was corrected in commit 19ade85. Users should upgrade to ==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, >=0.26.1. There are no workarounds. Please upgrade your evm crate version.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
evmcrates.io | < 0.21.1 | 0.21.1 |
evm-corecrates.io | < 0.21.1 | 0.21.1 |
evmcrates.io | >= 0.22.0, < 0.22.1 | 0.22.1 |
evmcrates.io | >= 0.23.0, < 0.23.1 | 0.23.1 |
evmcrates.io | >= 0.24.0, < 0.24.1 | 0.24.1 |
evmcrates.io | >= 0.25.0, < 0.25.1 | 0.25.1 |
evmcrates.io | >= 0.26.0, < 0.26.1 | 0.26.1 |
evm-corecrates.io | >= 0.22.0, < 0.22.1 | 0.22.1 |
evm-corecrates.io | >= 0.23.0, < 0.23.1 | 0.23.1 |
evm-corecrates.io | >= 0.24.0, < 0.24.1 | 0.24.1 |
evm-corecrates.io | >= 0.25.0, < 0.25.1 | 0.25.1 |
evm-corecrates.io | >= 0.26.0, < 0.26.1 | 0.26.1 |
Affected products
3- ghsa-coords2 versions
< 0.21.1+ 1 more
- (no CPE)range: < 0.21.1
- (no CPE)range: < 0.21.1
- rust-blockchain/evmv5Range: < 0.21.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-4jwq-572w-4388ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-29511ghsaADVISORY
- crates.io/crates/evmmitrex_refsource_MISC
- github.com/rust-blockchain/evm/commit/19ade858c430ab13eb562764a870ac9f8506f8ddghsax_refsource_MISCWEB
- github.com/rust-blockchain/evm/security/advisories/GHSA-4jwq-572w-4388ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.