CVE-2021-45699

Vulnerability

The vulnerability resides in the sync protocol of the ckb crate before version 0.40.0, used by the Nervos CKB blockchain [1]. The SyncState structure maintains a HashMap named misbehavior that tracks a peer's protocol violation score [3]. This map is keyed by PeerIndex (an alias for SessionId), an integer that increases monotonically with every new connection [3]. Entries are never removed from the map [3]. An attacker can cause the map to grow unboundedly, leading to memory exhaustion [3].

Exploitation

A remote attacker needs only network access to the target node; no authentication or prior trust is required [3]. The attacker repeatedly connects and disconnects, each time generating a new SessionId and thus a new entry in the misbehavior HashMap [3]. Over time the map grows until the host's memory is depleted, causing degraded performance and eventually a panic on allocation failure or process termination by the OS [3].

Impact

Successful exploitation results in a denial-of-service condition against the targeted node [3]. If enough nodes are affected, the attacker can reduce the overall hash power of the Nervos CKB network, potentially enabling a 51% attack to undermine blockchain consensus [3]. The impact is critical severity due to the remote and unauthenticated nature of the attack and its potential to compromise the integrity of the blockchain [1].

Mitigation

The vulnerability is fixed in ckb version 0.40.0 and later [3][4]. Users must upgrade the ckb crate to >=0.40.0 [4]. No workaround is publicly documented for older versions; upgrading is the recommended mitigation [3].