viem is vulnerable to Denial of Service (DoS)
45
Medium Risk
The fromRlp utility in viem decodes Recursive-Length Prefix (RLP) payloads by recursively walking each nested list through fromRlpCursor and readList. Before the fix this recursion had no depth limit, so an RLP payload built from many nested lists drives the decoder into unbounded recursion. Decoding untrusted RLP data such as serialized transactions or network responses can therefore exhaust the call stack and crash the decode operation or the surrounding process. The fix caps RLP decoding at a depth of 1024 and throws RlpDepthLimitExceededError once that limit is reached.
You are affected if you are using a version that falls within the vulnerable range and your application passes untrusted RLP data to fromRlp or related helpers.
viem is vulnerable to Denial of Service (DoS) in versions 0.1.0 - 2.53.1.
Upgrade the viem library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant