HIGH🇵🇱 Wersja polska

CVE-2021-41153

CVSS 8.7v3.1pub. 2021-10-18upd. 2024-11-21

The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a **high** severity security advisory if you use `evm` crate for Ethereum mainnet. In this case, you should update your library dependency immediately to on or after `0.31.0`. This is a **low** severity security advisory if you use `evm` crate in Frontier or in a standalone blockchain, because there's no security exploit possible with this advisory. It is **not** recommended to update to on or after `0.31.0` until all the normal chain upgrade preparations have been done. If you use Frontier or other `pallet-evm` based Substrate blockchain, please ensure to update your `spec_version` before updating this. For other blockchains, please make sure to follow a hard-fork process before you update this.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
  • Evm Project Evm

    APP
    Evm Project
    < 0.31.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-21629MEDIUM5.9ten sam produkt

Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operatio...

CVE-2022-39354MEDIUM5.9ten sam produkt

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile...

CVE-2021-29511MEDIUM6.5ten sam produkt

evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM...