GHSA-29c2-65rj-h343: 
Rust vulnerability analysis and mitigation

The vulnerability (GHSA-29c2-65rj-h343) affects the Nervos CKB blockchain platform, specifically related to the load_cell_data syscall functionality. It was discovered and disclosed on April 25, 2021, affecting multiple versions including 0.39.0-rc1, 0.35.0-rc1 through 0.35.2, 0.36.0-rc1 through 0.36.1, 0.37.0-rc1 through 0.37.1, and 0.38.0-rc1 through 0.38.2. The issue was classified as having moderate severity (GitHub Advisory).

The vulnerability involves the handling of load_cell_data syscalls when input cells are still in the mempool. The issue stems from changes in how cell data is loaded from memory, affecting the transaction verification process. The fix involved modifying how nodes handle cell data loading and verification, particularly in the context of memory-resident cells (CKB Commit).

When exploited, the vulnerability causes faulty nodes to reject valid transactions that call the load_cell_data syscall when the input cell remains in the mempool. More significantly, affected nodes would ban other nodes from the network, leading to network separation and disrupting the blockchain's normal operation (GitHub Advisory).

The issue has been patched in multiple versions: 0.35.2, 0.36.1, 0.37.1, 0.38.2, and 0.39.0. Users are advised to upgrade to these patched versions to prevent network disruption (GitHub Advisory).