GHSA-hjqq-29pw-96wj: Nervos CKB node panics when processing a block which parent timestamp is too new

February 2, 2024

Adversary can initiate DOS attack by broadcasting two consecutive blocks with timestamps in the future.

References

github.com/advisories/GHSA-hjqq-29pw-96wj
github.com/nervosnetwork/ckb/commit/ae3c791068f2f76c67cd5483501f09de3fd8cc0b
github.com/nervosnetwork/ckb/commit/c6725bb0659b6639f384d699f815117d76107388
github.com/nervosnetwork/ckb/security/advisories/GHSA-hjqq-29pw-96wj

Code Behaviors & Features

Detect and mitigate GHSA-hjqq-29pw-96wj with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →