Miggo Logo
Miggo Vulnerability Database
GHSA-773q-5334-5gf9

GHSA-773q-5334-5gf9: Memory over-allocation in evm-core

N/A

CVSS Score

Basic Information

CVE ID
-
GHSA ID
GHSA-773q-5334-5gf9
EPSS Score
-
CWE
CWE-789
Published
8/25/2021
Updated
6/13/2023
KEV Status
No
Technology
TechnologyRust

Technical Details

CVSS Vector
-
Package NameEcosystemVulnerable VersionsFirst Patched Version
evm-corerust>= 0.26.0, < 0.26.10.26.1
evm-corerust>= 0.25.0, < 0.25.10.25.1
evm-corerust>= 0.24.0, < 0.24.10.24.1
evm-corerust>= 0.23.0, < 0.23.10.23.1
evm-corerust< 0.21.10.21.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability was explicitly linked to Memory::copy_large in the advisory description. The patch commit 19ade85 modifies this function by adding an early return when the input value is empty, directly addressing the over-allocation issue. The CWE-789 classification matches the pattern of unchecked memory allocation size validation. The file path and function name are explicitly referenced in both the vulnerability description and commit diff.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Prior to t** p*t**, w**n *x**utin* sp**i*i* *VM op*o**s r*l*t** to m*mory op*r*tions t**t us* `*vm_*or*::M*mory::*opy_l*r**`, t** *r*t* **n ov*r-*llo**t* m*mory w**n it is not n*****, m*kin* it possi*l* *or *n *tt**k*r to p*r*orm **ni*l-o*-s*rvi** *t

Reasoning

T** vuln*r**ility w*s *xpli*itly link** to `M*mory::*opy_l*r**` in t** **visory **s*ription. T** p*t** *ommit `*******` mo*i*i*s t*is *un*tion *y ***in* *n **rly r*turn w**n t** input v*lu* is *mpty, *ir**tly ***r*ssin* t** ov*r-*llo**tion issu*. T**