GHSA-29c2-65rj-h343: Nervos CKB Permit load cell data from memory
The faulty nodes will reject transactions that call the load_cell_data syscall while the input cell is still in the mempool. They also ban other nodes, which causes network separation.
References
- github.com/advisories/GHSA-29c2-65rj-h343
- github.com/nervosnetwork/ckb/commit/277061867eb7d2766fa6737c8bf00684fc2462a6
- github.com/nervosnetwork/ckb/commit/37d60d581c6713d3aca1a57018eaea45447ae0b2
- github.com/nervosnetwork/ckb/commit/8f115b387f8f60f938bce4591f26cd78430b8771
- github.com/nervosnetwork/ckb/commit/91efb7b6b4329d70d60eee91d5239a2de9b0d99f
- github.com/nervosnetwork/ckb/commit/97647408ee9dbf525f6c678796e770887c9f8738
- github.com/nervosnetwork/ckb/security/advisories/GHSA-29c2-65rj-h343