CVE-2021-42219
Description
Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Go-Ethereum v1.10.9 has a memory exhaustion vulnerability in ethash/algorithm.go, allowing remote attackers to cause a denial of service via excessive messages.
Vulnerability
A memory management issue exists in Go-Ethereum v1.10.9 within the /ethash/algorithm.go component. The missing memory allocation handling allows an attacker to exhaust the node's memory resources by sending an excessive number of messages, leading to a denial of service (DoS) condition [1].
Exploitation
An attacker can exploit this vulnerability remotely by sending a large volume of messages to an affected Go-Ethereum node. No authentication is required. The excessive messages trigger the memory flaw, gradually consuming available memory until the node becomes unresponsive or crashes [1].
Impact
Successful exploitation results in a denial of service (DoS) due to memory exhaustion. The node may crash or become unresponsive, disrupting network participation and services. No other impact (e.g., code execution or data leakage) has been reported [1].
Mitigation
As of the published description, no fixed version has been explicitly disclosed in the available references. Users of Go-Ethereum v1.10.9 should monitor the project's release notes for a patched version and consider upgrading immediately once available [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/ethereum/go-ethereumGo | <= 1.10.9 | — |
Affected products
2- Go-Ethereum/Go-Ethereumdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-vrcc-g6vj-mh5wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-42219ghsaADVISORY
- docs.google.com/document/d/1dYFSpNZPC0OV-n1mMqdc269u9yYU1XQy/editghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.