CVE-2021-45700
Description
An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ckb before 0.40.0 allows remote attackers to crash nodes via a transaction using a dead cell as DepGroup.
Vulnerability
The ckb crate (Nervos CKB blockchain node) before version 0.40.0 contains a flaw where a transaction can include a dead (already consumed) cell as a DepGroup in the DepCells. The node does not properly validate the cell's liveness, leading to a crash when processing such a transaction [1][4].
Exploitation
An attacker can craft a transaction that references a dead cell as a DepGroup and send it to the network. No authentication or special network position is required; the attacker only needs the ability to create and broadcast a transaction. When other nodes receive and attempt to validate the transaction, the code panics, crashing the node [1].
Impact
Successful exploitation causes a denial of service (DoS) condition: affected nodes crash, disrupting the blockchain network's operation. The crash is a process-level termination, requiring manual restart [1][4].
Mitigation
The vulnerability is fixed in ckb version 0.40.0, which was released on September 10, 2021 [4]. Users should upgrade to this version or later. No known workarounds exist; the fix requires updating the crate or node software [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ckbcrates.io | < 0.40.0 | 0.40.0 |
Affected products
2- ckb/ckbdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-cw98-cx2m-9qqgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-45700ghsaADVISORY
- github.com/nervosnetwork/ckb/security/advisories/GHSA-45p7-c959-rgcmghsaWEB
- raw.githubusercontent.com/rustsec/advisory-db/main/crates/ckb/RUSTSEC-2021-0109.mdghsax_refsource_MISCWEB
- rustsec.org/advisories/RUSTSEC-2021-0109.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.