
Cloud Vulnerability DB
A community-led vulnerabilities database
The vulnerability (GHSA-7fw6-6mfj-g3q2) affects the CKB (Nervos CKB) blockchain node software, versions <= 0.101.0. The issue lies in the HeaderChecker#check_valid function, which skipped main chain checking; it was discovered and disclosed on November 2, 2022. This critical-severity vulnerability impacts the validation of transaction header dependencies (GitHub Advisory).
The vulnerability stems from a modification to the HeaderChecker#check_valid function that incorrectly skipped main chain validation checks. The change was introduced in a pull request that modified the validation logic. As a result, transactions could reference headers from forked blocks that don't exist in the local node's storage (GitHub Advisory).
The primary impact of this vulnerability is the potential for network forking. When a transaction uses a forked block header that doesn't exist in the local node's storage, it can lead to network consensus issues and chain splits. This represents a critical risk to the network's stability and security (GitHub Advisory).
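The divergence described above can be reproduced in a small model. This is an added example, not CKB's code or the advisory's: `NodeView`, both check functions and the 4-byte hashes are hypothetical, and the flawed check is assumed to accept any header the node has stored.

```rust
use std::collections::{HashMap, HashSet};

type Hash = [u8; 4]; // constructed short hashes, for the demo only

/// Hypothetical toy view of one node's storage (not CKB's data structures).
#[derive(Default)]
struct NodeView {
    known: HashSet<Hash>,           // every stored header, forked ones included
    main_chain: HashMap<u64, Hash>, // block number -> main-chain hash
    numbers: HashMap<Hash, u64>,    // hash -> block number
}

impl NodeView {
    fn store(&mut self, number: u64, hash: Hash, on_main: bool) {
        self.known.insert(hash);
        self.numbers.insert(hash, number);
        if on_main {
            self.main_chain.insert(number, hash);
        }
    }
    /// Assumed model of the flaw: any header the node has stored passes.
    fn check_skipping_main_chain(&self, deps: &[Hash]) -> bool {
        deps.iter().all(|h| self.known.contains(h))
    }
    /// Strict check: each dep must be the main-chain block at its number.
    fn check_main_chain(&self, deps: &[Hash]) -> bool {
        deps.iter()
            .all(|h| self.numbers.get(h).and_then(|n| self.main_chain.get(n)) == Some(h))
    }
}

/// Verdicts of (node A, node B) on a transaction whose header dep is a forked block.
fn verdicts(strict: bool) -> (bool, bool) {
    let (main1, fork1): (Hash, Hash) = ([0xaa, 0, 0, 1], [0xbb, 0, 0, 1]);
    let (mut a, mut b) = (NodeView::default(), NodeView::default());
    a.store(1, main1, true);
    a.store(1, fork1, false); // node A received the forked block
    b.store(1, main1, true); // node B never saw it
    let deps = [fork1];
    if strict {
        (a.check_main_chain(&deps), b.check_main_chain(&deps))
    } else {
        (a.check_skipping_main_chain(&deps), b.check_skipping_main_chain(&deps))
    }
}

fn main() {
    println!("main-chain check skipped:  {:?}", verdicts(false));
    println!("main-chain check enforced: {:?}", verdicts(true));
}
```

With the main-chain check skipped, the two nodes disagree on the same transaction; with it enforced, both reject the forked header dependency regardless of what each has stored.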
The vulnerability has been patched in version 0.101.1 and later versions of the CKB software. Users and node operators should upgrade to version 0.101.1 or newer to protect against this vulnerability (GitHub Advisory).
Source: This report was generated using AI