High severity7.5NVD Advisory· Published May 6, 2024· Updated Apr 15, 2026

CVE-2024-32972

Description

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version 1.13.15 and onwards.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/ethereum/go-ethereumGo	< 1.13.15	1.13.15

Patches

c5ba367eb623

https://github.com/ethereum/go-ethereumvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-4xc9-8hmq-j652ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-32972ghsaADVISORY
github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15nvdWEB
github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000