Evm
CVE-2021-29511
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1Blast Radius
ecosystem impact- 3 cargo packages depend on evm-core (3 direct, 0 indirect)
Ecosystem-wide dependent count for version 0.22.0.
DescriptionNVD
evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use evm_core::Memory::copy_large, the evm crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. The flaw was corrected in commit 19ade85. Users should upgrade to 0.21.1, 0.23.1, 0.24.1, 0.25.1, >=0.26.1. There are no workarounds. Please upgrade your evm crate version.
AnalysisAI
evm is a pure Rust implementation of Ethereum Virtual Machine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
Technical ContextAI
This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use evm_core::Memory::copy_large, the evm crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. The flaw was corrected in commit 19ade85. Users should upgrade to 0.21.1, 0.23.1, 0.24.1, 0.25.1, >=0.26.1. There are no workarounds. Please upgrade your evm crate version. Affected products include: Evm Project Evm.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Set resource limits, implement rate limiting, validate input sizes.
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. Rated critical severity (CVSS 9.8), this vulner
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. Rated high severity (CVSS 7.5), this v
Rust EVM is an Ethereum Virtual Machine interpreter. Rated medium severity (CVSS 5.9), this vulnerability is remotely ex
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today