|
|
|
|
|
|
by nullc
2664 days ago
|
|
|
> So is it that core is not affected by that last CVE at all Not at all. "re: deserialization memory allocation: as should be obvious from the code snippet in the report, the Unersialize_impl function for vector types does not allocate more than 5MB at a time, instead ensuring the input stream has the neccessary amount of data to fill the allocation first. Thus, this function will never allocate (materially) more than the input stream, which in this case is limited by the maximum message size. In the case of Bitcoin Core this is limited to around 4MB, though again, I understand Bitcoin SV has significantly increased this limit. Thanks again for the report!" |
|
|