evm

crates.io4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting evmpage 1 of 1

CVE-2021-29511MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.26.1
2021-05-12
vulnerable: 0.26.0
evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the `evm` crate can over-allocate memory when it i…
CVE-2021-41153HIGHCVSS 8.7EG 8.7✓ Fixed in 0.31.0
2021-10-18
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition chec…
CVE-2022-39354MEDIUMCVSS 5.9EG 5.9✓ Fixed in 0.36.0
2022-10-25
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide i…
CVE-2024-21629MEDIUMCVSS 5.9EG 5.9✓ Fixed in 0.41.1
2024-01-02
Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the ca…

Check whether evm is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for evm CVEs against the assets you own.

Start Free Scan →