Recently, when we reviewed on the vulnerability, CVE-2018-17145, we found that it might also still affect Ravencoin Core to incur a DDoS attack.
For details, see the function call GetMainSignals().Inventory(inv.hash) in src/net_processing.cpp (Line 1145-1146 and Line 1597-1598), the unlimited call of this function would grow the size of variable m_callbacks_pending and ran out of memory which may lead to a crash.
The variable m_callbacks_pending in src/scheduler.h (Line 99) is used in src/scheduler.cpp (scheduler.cpp).
A possible solution is to delete the function call GetMainSignals().Inventory(inv.hash) in src/net_processing.cpp to avoid memory exhaustion.
For more attack and fixing details, you can refer to the following pages.
fdoving
commented
2 years ago
Potential DDoS Attack
Recently, when we reviewed on the vulnerability, CVE-2018-17145, we found that it might also still affect Ravencoin Core to incur a DDoS attack.
For details, see the function call
GetMainSignals().Inventory(inv.hash)insrc/net_processing.cpp(Line 1145-1146 and Line 1597-1598), the unlimited call of this function would grow the size of variablem_callbacks_pendingand ran out of memory which may lead to a crash.The variable
m_callbacks_pendinginsrc/scheduler.h(Line 99) is used insrc/scheduler.cpp(scheduler.cpp).A possible solution is to delete the function call
GetMainSignals().Inventory(inv.hash)insrc/net_processing.cppto avoid memory exhaustion.For more attack and fixing details, you can refer to the following pages.
Reported by
de957ad9679f28a38f02f00cc7928bce8fb424882ff060a3c09c32895b1474cc.