Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Azle calling `setTimer` causes infinite loop of timers
Vulnerability Description
Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP. Calling `setTimer` in Azle versions `0.27.0`, `0.28.0`, and `0.29.0` causes an immediate infinite loop of timers to be executed on the canister, each timer attempting to clean up the global state of the previous timer. The infinite loop will occur with any valid invocation of `setTimer`. The problem has been fixed as of Azle version `0.30.0`. As a workaround, if a canister is caught in this infinite loop after calling `setTimer`, the canister can be upgraded and the timers will all be cleared, thus ending the loop.
CVSS Information
N/A
Vulnerability Type
不可达退出条件的循环(无限循环)
Vulnerability Title
Azle 安全漏洞
Vulnerability Description
Azle是Demergent开源的一个 ICP 上 TypeScript 和 JavaScript 的 WebAssembly 运行时。 Azle 0.27.0版本、0.28.0版本和0.29.0版本存在安全漏洞,该漏洞源于调用setTimer可能导致无限循环。
CVSS Information
N/A
Vulnerability Type
N/A