This page lists publicly disclosed CVE vulnerabilities affecting dfinity canister_developer_kit_for_the_internet_computer (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-7884 | When a canister method is called via `ic_cdk::call*`, a new Future `CallFuture` is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked and stored in a struct called `CallFutureState`. A bug in the polling implementation of the `CallFuture` allows multiple references to be held for this internal state and not all references were dropped before the Future is resolved. Since we have unaccounted references held, a copy of the internal state | 6b35d637-e00f-4228-858c-b20ad6e1d07b | 7.5 | 0.12% | 2024-09-05 | 2024-09-12 |