CVE-2021-35041

Published: Jun 24, 2021Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably and crash. More details are shown at: https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951

Affected (1)

Products: Fisco Bcos: Fisco Bcos

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fisco Bcos Fisco Bcos	Version 2.7.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.