CVE-2024-21629: Rust EVM erroneously handles `record_external_operation` error return
In rust-evm, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack.
References
- github.com/advisories/GHSA-27wg-99g8-2v4v
- github.com/rust-ethereum/evm
- github.com/rust-ethereum/evm/blob/release-v041/src/executor/stack/executor.rs
- github.com/rust-ethereum/evm/commit/d8991ec727ad0fb64fe9957a3cd307387a6701e4
- github.com/rust-ethereum/evm/pull/264
- github.com/rust-ethereum/evm/security/advisories/GHSA-27wg-99g8-2v4v
- nvd.nist.gov/vuln/detail/CVE-2024-21629