High severity · NVD Advisory · Published Sep 6, 2023 · Updated Sep 26, 2024
Denial of service via malicious p2p message in go-ethereum
CVE-2023-40591
Description
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version 1.12.1-stable, i.e., 1.12.2-unstable and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/ethereum/go-ethereum (Go) | < 1.12.1-stable | 1.12.1-stable |
Affected products
- Range: < 1.12.1-stable
References
- github.com/advisories/GHSA-ppjg-v974-84cm (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-40591 (ghsa, ADVISORY)
- geth.ethereum.org/docs/developers/geth-developer/disclosures (ghsa, x_refsource_MISC, WEB)
- github.com/ethereum/go-ethereum/releases/tag/v1.12.1 (ghsa, x_refsource_MISC, WEB)
- github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm (ghsa, x_refsource_CONFIRM, WEB)