Moderate severityNVD Advisory· Published Oct 26, 2021· Updated Aug 4, 2024
DoS via maliciously crafted p2p message
CVE-2021-41173
Description
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/ethereum/go-ethereumGo | < 1.10.9 | 1.10.9 |
Affected products
1- Range: < 1.10.9
Patches
1e40b37718326docs: update vulnerabilities with GHSA-59hh-656j-3p7v (#23801)
2 files changed · +19 −3
docs/_vulnerabilities/vulnerabilities.json+16 −0 modified@@ -132,5 +132,21 @@ "severity": "High", "CVE": "CVE-2021-39137", "check": "(Geth\\/v1\\.10\\.(0|1|2|3|4|5|6|7)-.*)$" + }, + { + "name": "DoS via maliciously crafted p2p message", + "uid": "GETH-2021-03", + "summary": "A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer.", + "description": "A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer.\nFurther details will be released at a later point in time, in accordance with our official disclosure policy.", + "links": [ + "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v", + "https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities" + ], + "introduced": "v1.10.0", + "fixed": "v1.10.9", + "published": "2021-10-24", + "severity": "Medium", + "CVE": "CVE-2021-41173", + "check": "(Geth\\/v1\\.10\\.(0|1|2|3|4|5|6|7|8)-.*)$" } ]
docs/_vulnerabilities/vulnerabilities.json.minisig+3 −3 modified@@ -1,4 +1,4 @@ untrusted comment: signature from minisign secret key -RWQk7Lo5TQgd+66wU0ZNQlDYTsqSFA2o1aeaPo1ccQMJK/EMFyirawrl8Rq4NJI9md6x1xUthAT0Lr3HeTIQhYBGRtYcG5su0A0= -trusted comment: timestamp:1630999630 file:vulnerabilities.json -ezWYr/g7o55e/Yb+rdnp5fZoER4zVBxsm7g0yNt0/hPUhLa86uM1hRTE1Boeg1HxajcVe+iNEmsB/rIokBq3Bg== +RWQk7Lo5TQgd+8l5duLP0gUKWHwGDmqe1FDRgmbZ0OE0D4dnw8W2MJhhq6ckZKhGnD7zW1Htw63mbnHuy7TDo0Oz99qwFfzv1w8= +trusted comment: timestamp:1635075909 file:vulnerabilities.json +827bn9OQI+f9gdKa1JSPYmnCpDGSKEWI2C9Ywz7Mlnvzi6Z9Ec+h+R5t/v9x7CLwXK8l5TMXgm6sv5JBduv8Dw==
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- github.com/advisories/GHSA-59hh-656j-3p7vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-41173ghsaADVISORY
- github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738ghsax_refsource_MISCWEB
- github.com/ethereum/go-ethereum/pull/23657/commits/f1fd963a5a965e643e52fcf805a2a02a323c32b8ghsaWEB
- github.com/ethereum/go-ethereum/pull/23801ghsax_refsource_MISCWEB
- github.com/ethereum/go-ethereum/releases/tag/v1.10.9ghsax_refsource_MISCWEB
- github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7vghsax_refsource_CONFIRMWEB
- pkg.go.dev/vuln/GO-2022-0256ghsaWEB
News mentions
0No linked articles in our index yet.