evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the `evm` crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. The flaw was corrected in commit `19ade85`. Users should upgrade to `==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, >=0.26.1`. There are no workarounds. Please upgrade your `evm` crate version.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| evm(crates.io) | 0 | 0.21.1 | N/A |
| evm-core(crates.io) | 0 | 0.21.1 | N/A |
| evm(crates.io) | 0.22.0 | 0.22.1 | N/A |
| evm(crates.io) | 0.23.0 | 0.23.1 | N/A |
| evm(crates.io) | 0.24.0 | 0.24.1 | N/A |
| evm(crates.io) | 0.25.0 | 0.25.1 | N/A |
| evm(crates.io) | 0.26.0 | 0.26.1 | N/A |
| evm-core(crates.io) | 0.22.0 | 0.22.1 | N/A |
| evm-core(crates.io) | 0.23.0 | 0.23.1 | N/A |
| evm-core(crates.io) | 0.24.0 | 0.24.1 | N/A |
| evm-core(crates.io) | 0.25.0 | 0.25.1 | N/A |
| evm-core(crates.io) | 0.26.0 | 0.26.1 | N/A |
CVSS Metrics
