Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Uninitialized memory access in Motoko incremental garbage collector
Vulnerability Description
Motoko's incremental garbage collector is impacted by an uninitialized memory access bug, caused by incorrect use of write barriers in a few locations. This vulnerability could potentially allow unauthorized read or write access to a Canister's memory. However, exploiting this bug requires the Canister to enable the incremental garbage collector or enhanced orthogonal persistence, which are non-default features in Motoko.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对未经初始化资源的使用
Vulnerability Title
Motoko 安全漏洞
Vulnerability Description
Motoko是DFINITY开源的一种安全、简单、基于参与者的编程语言,用于构建互联网计算机 (ICP) 罐智能合约。 Motoko存在安全漏洞,该漏洞源于增量垃圾收集器包含一个未初始化内存访问错误。
CVSS Information
N/A
Vulnerability Type
N/A