Search

Find a vulnerability

Search criteria

    32 vulnerabilities found for go-ethereum by ethereum

    CVE-2026-26315 (GCVE-0-2026-26315)

    Vulnerability from nvd – Published: 2026-02-19 21:22 – Updated: 2026-02-20 15:42
    VLAI
    Title
    Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake
    Summary
    go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth. Geth maintainers recommend rotating the node key after applying the upgrade, which can be done by removing the file `<datadir>/geth/nodekey` before starting Geth.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.16.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26315",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-20T15:32:15.774857Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-20T15:42:16.395Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.16.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth. Geth maintainers recommend rotating the node key after applying the upgrade, which can be done by removing the file `\u003cdatadir\u003e/geth/nodekey` before starting Geth."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-203",
                  "description": "CWE-203: Observable Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T21:22:41.188Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-m6j8-rg6r-7mv8",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-m6j8-rg6r-7mv8"
            }
          ],
          "source": {
            "advisory": "GHSA-m6j8-rg6r-7mv8",
            "discovery": "UNKNOWN"
          },
          "title": "Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-26315",
        "datePublished": "2026-02-19T21:22:41.188Z",
        "dateReserved": "2026-02-13T16:27:51.807Z",
        "dateUpdated": "2026-02-20T15:42:16.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26314 (GCVE-0-2026-26314)

    Vulnerability from nvd – Published: 2026-02-19 21:15 – Updated: 2026-02-20 15:42
    VLAI
    Title
    Go Ethereum affected by DoS via malicious p2p message
    Summary
    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.16.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-20T15:32:18.591679Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-20T15:42:28.197Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.16.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T21:15:11.752Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-2gjw-fg97-vg3r",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-2gjw-fg97-vg3r"
            },
            {
              "name": "https://github.com/ethereum/go-ethereum/commit/895a8597cb16c02203e38707ed2d1da5c500fe60",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/commit/895a8597cb16c02203e38707ed2d1da5c500fe60"
            },
            {
              "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.16.9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.16.9"
            }
          ],
          "source": {
            "advisory": "GHSA-2gjw-fg97-vg3r",
            "discovery": "UNKNOWN"
          },
          "title": "Go Ethereum affected by DoS via malicious p2p message"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-26314",
        "datePublished": "2026-02-19T21:15:11.752Z",
        "dateReserved": "2026-02-13T16:27:51.807Z",
        "dateUpdated": "2026-02-20T15:42:28.197Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26313 (GCVE-0-2026-26313)

    Vulnerability from nvd – Published: 2026-02-19 21:07 – Updated: 2026-02-20 19:53
    VLAI
    Title
    Go Ethereum affected by DoS via malicious p2p message
    Summary
    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.17.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26313",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-20T19:51:54.100199Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-20T19:53:54.846Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.17.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T21:07:37.943Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-689v-6xwf-5jf3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-689v-6xwf-5jf3"
            },
            {
              "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.17.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.17.0"
            }
          ],
          "source": {
            "advisory": "GHSA-689v-6xwf-5jf3",
            "discovery": "UNKNOWN"
          },
          "title": "Go Ethereum affected by DoS via malicious p2p message"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-26313",
        "datePublished": "2026-02-19T21:07:37.943Z",
        "dateReserved": "2026-02-13T16:27:51.807Z",
        "dateUpdated": "2026-02-20T19:53:54.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22868 (GCVE-0-2026-22868)

    Vulnerability from nvd – Published: 2026-01-13 20:27 – Updated: 2026-01-14 23:26
    VLAI
    Title
    go-ethereum has a DoS via malicious p2p message
    Summary
    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.16.8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22868",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-14T23:25:57.688894Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-14T23:26:09.865Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.16.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T20:27:15.698Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-mq3p-rrmp-79jg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-mq3p-rrmp-79jg"
            },
            {
              "name": "https://github.com/ethereum/go-ethereum/commit/abeb78c647e354ed922726a1d719ac7bc64a07e2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/commit/abeb78c647e354ed922726a1d719ac7bc64a07e2"
            }
          ],
          "source": {
            "advisory": "GHSA-mq3p-rrmp-79jg",
            "discovery": "UNKNOWN"
          },
          "title": "go-ethereum has a DoS via malicious p2p message"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-22868",
        "datePublished": "2026-01-13T20:27:15.698Z",
        "dateReserved": "2026-01-12T16:20:16.747Z",
        "dateUpdated": "2026-01-14T23:26:09.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22862 (GCVE-0-2026-22862)

    Vulnerability from nvd – Published: 2026-01-13 20:27 – Updated: 2026-01-15 16:37
    VLAI
    Title
    go-ethereum has a DoS via malicious p2p message
    Summary
    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.16.8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-15T16:36:19.141646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-15T16:37:30.177Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.16.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T20:27:10.979Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-mr7q-c9w9-wh4h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-mr7q-c9w9-wh4h"
            },
            {
              "name": "https://github.com/ethereum/go-ethereum/commit/abeb78c647e354ed922726a1d719ac7bc64a07e2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/commit/abeb78c647e354ed922726a1d719ac7bc64a07e2"
            }
          ],
          "source": {
            "advisory": "GHSA-mr7q-c9w9-wh4h",
            "discovery": "UNKNOWN"
          },
          "title": "go-ethereum has a DoS via malicious p2p message"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-22862",
        "datePublished": "2026-01-13T20:27:10.979Z",
        "dateReserved": "2026-01-12T16:20:16.746Z",
        "dateUpdated": "2026-01-15T16:37:30.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-24883 (GCVE-0-2025-24883)

    Vulnerability from nvd – Published: 2025-01-30 15:58 – Updated: 2025-01-30 16:25
    VLAI
    Title
    go-ethereum has a DoS via malicious p2p message
    Summary
    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: >= 1.14.0, < 1.14.13
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24883",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-30T16:25:02.782529Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-30T16:25:15.290Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.14.0, \u003c 1.14.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248: Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-30T15:58:29.344Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-q26p-9cq4-7fc2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-q26p-9cq4-7fc2"
            },
            {
              "name": "https://github.com/ethereum/go-ethereum/commit/fa9a2ff8687ec9efe57b4b9833d5590d20f8a83f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/commit/fa9a2ff8687ec9efe57b4b9833d5590d20f8a83f"
            }
          ],
          "source": {
            "advisory": "GHSA-q26p-9cq4-7fc2",
            "discovery": "UNKNOWN"
          },
          "title": "go-ethereum has a DoS via malicious p2p message"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-24883",
        "datePublished": "2025-01-30T15:58:10.488Z",
        "dateReserved": "2025-01-27T15:32:29.450Z",
        "dateUpdated": "2025-01-30T16:25:15.290Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32972 (GCVE-0-2024-32972)

    Vulnerability from nvd – Published: 2024-05-06 14:26 – Updated: 2024-08-02 02:27
    VLAI
    Title
    go-ethereum denial of service via malicious p2p message
    Summary
    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.13.15
    Create a notification for this product.
    ethereum go_ethereum Affected: 0 , < 1.13.15 (custom)
        cpe:2.3:a:ethereum:go_ethereum:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ethereum:go_ethereum:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "go_ethereum",
                "vendor": "ethereum",
                "versions": [
                  {
                    "lessThan": "1.13.15",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32972",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T19:07:59.118874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:50:49.796Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:27:53.323Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652"
              },
              {
                "name": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.13.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-06T14:26:19.510Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652"
            },
            {
              "name": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15"
            }
          ],
          "source": {
            "advisory": "GHSA-4xc9-8hmq-j652",
            "discovery": "UNKNOWN"
          },
          "title": "go-ethereum denial of service via malicious p2p message"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-32972",
        "datePublished": "2024-05-06T14:26:19.510Z",
        "dateReserved": "2024-04-22T15:14:59.165Z",
        "dateUpdated": "2024-08-02T02:27:53.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40591 (GCVE-0-2023-40591)

    Vulnerability from nvd – Published: 2023-09-06 18:07 – Updated: 2024-09-26 15:19
    VLAI
    Title
    Denial of service via malicious p2p message in go-ethereum
    Summary
    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e, `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.12.1-stable
    Create a notification for this product.
    ethereum go_ethereum Affected: 0 , < 1.12.1-stable (custom)
        cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:38:50.931Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm"
              },
              {
                "name": "https://geth.ethereum.org/docs/developers/geth-developer/disclosures",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://geth.ethereum.org/docs/developers/geth-developer/disclosures"
              },
              {
                "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "go_ethereum",
                "vendor": "ethereum",
                "versions": [
                  {
                    "lessThan": "1.12.1-stable",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40591",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T14:47:36.804026Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T15:19:33.428Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.12.1-stable"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e, `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-06T18:07:20.899Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm"
            },
            {
              "name": "https://geth.ethereum.org/docs/developers/geth-developer/disclosures",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://geth.ethereum.org/docs/developers/geth-developer/disclosures"
            },
            {
              "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1"
            }
          ],
          "source": {
            "advisory": "GHSA-ppjg-v974-84cm",
            "discovery": "UNKNOWN"
          },
          "title": "Denial of service via malicious p2p message in go-ethereum"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-40591",
        "datePublished": "2023-09-06T18:07:20.899Z",
        "dateReserved": "2023-08-16T18:24:02.393Z",
        "dateUpdated": "2024-09-26T15:19:33.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29177 (GCVE-0-2022-29177)

    Vulnerability from nvd – Published: 2022-05-20 16:20 – Updated: 2025-04-23 18:24
    VLAI
    Title
    DoS via malicious p2p message in Go-Ethereum
    Summary
    Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.10.17
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:17:54.050Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/pull/24507"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-29177",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T14:07:11.628533Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T18:24:38.893Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.10.17"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-20T16:20:09.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/pull/24507"
            }
          ],
          "source": {
            "advisory": "GHSA-wjxw-gh3m-7pm5",
            "discovery": "UNKNOWN"
          },
          "title": "DoS via malicious p2p message in Go-Ethereum",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2022-29177",
              "STATE": "PUBLIC",
              "TITLE": "DoS via malicious p2p message in Go-Ethereum"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "go-ethereum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.10.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ethereum"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400: Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/pull/24507",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/pull/24507"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-wjxw-gh3m-7pm5",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2022-29177",
        "datePublished": "2022-05-20T16:20:10.000Z",
        "dateReserved": "2022-04-13T00:00:00.000Z",
        "dateUpdated": "2025-04-23T18:24:38.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41173 (GCVE-0-2021-41173)

    Vulnerability from nvd – Published: 2021-10-26 14:05 – Updated: 2024-08-04 02:59
    VLAI
    Title
    DoS via maliciously crafted p2p message
    Summary
    Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.10.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:59:31.575Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/pull/23801"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.10.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-26T14:05:12.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/pull/23801"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9"
            }
          ],
          "source": {
            "advisory": "GHSA-59hh-656j-3p7v",
            "discovery": "UNKNOWN"
          },
          "title": "DoS via maliciously crafted p2p message",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2021-41173",
              "STATE": "PUBLIC",
              "TITLE": "DoS via maliciously crafted p2p message"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "go-ethereum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.10.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ethereum"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20: Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/pull/23801",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/pull/23801"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-59hh-656j-3p7v",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-41173",
        "datePublished": "2021-10-26T14:05:12.000Z",
        "dateReserved": "2021-09-15T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:59:31.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39137 (GCVE-0-2021-39137)

    Vulnerability from nvd – Published: 2021-08-24 16:05 – Updated: 2024-08-04 01:58
    VLAI
    Title
    Consensus flaw during block processing in go-ethereum
    Summary
    go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available.
    CWE
    • CWE-436 - Interpretation Conflict
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: >= 1.10.0, < 1.10.8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:58:17.913Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmq"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.10.0, \u003c 1.10.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-436",
                  "description": "CWE-436: Interpretation Conflict",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-24T16:05:10.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmq"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8"
            }
          ],
          "source": {
            "advisory": "GHSA-9856-9gg9-qcmq",
            "discovery": "UNKNOWN"
          },
          "title": "Consensus flaw during block processing in go-ethereum",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2021-39137",
              "STATE": "PUBLIC",
              "TITLE": "Consensus flaw during block processing in go-ethereum"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "go-ethereum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e= 1.10.0, \u003c 1.10.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ethereum"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-436: Interpretation Conflict"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmq",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmq"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-9856-9gg9-qcmq",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-39137",
        "datePublished": "2021-08-24T16:05:10.000Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:58:17.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-26265 (GCVE-0-2020-26265)

    Vulnerability from nvd – Published: 2020-12-11 16:45 – Updated: 2024-08-04 15:56
    VLAI
    Title
    Consensus flaw during block processing
    Summary
    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: >= 1.9.4, < 1.9.20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:56:03.493Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.4, \u003c 1.9.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-682",
                  "description": "CWE-682 Incorrect Calculation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T16:45:15.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20"
            }
          ],
          "source": {
            "advisory": "GHSA-xw37-57qp-9mm4",
            "discovery": "UNKNOWN"
          },
          "title": "Consensus flaw during block processing",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-26265",
              "STATE": "PUBLIC",
              "TITLE": "Consensus flaw during block processing"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "go-ethereum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e= 1.9.4, \u003c 1.9.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ethereum"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-682 Incorrect Calculation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-xw37-57qp-9mm4",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-26265",
        "datePublished": "2020-12-11T16:45:15.000Z",
        "dateReserved": "2020-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:56:03.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-26264 (GCVE-0-2020-26264)

    Vulnerability from nvd – Published: 2020-12-11 16:45 – Updated: 2024-08-04 15:56
    VLAI
    Title
    LES Server DoS via GetProofsV2
    Summary
    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.9.25
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:56:04.248Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/pull/21896"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.25"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.9.25"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T16:45:24.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/pull/21896"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.25"
            }
          ],
          "source": {
            "advisory": "GHSA-r33q-22hv-j29q",
            "discovery": "UNKNOWN"
          },
          "title": "LES Server DoS via GetProofsV2",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-26264",
              "STATE": "PUBLIC",
              "TITLE": "LES Server DoS via GetProofsV2"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "go-ethereum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.9.25"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ethereum"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400 Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/pull/21896",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/pull/21896"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.25",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.25"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-r33q-22hv-j29q",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-26264",
        "datePublished": "2020-12-11T16:45:24.000Z",
        "dateReserved": "2020-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:56:04.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-26242 (GCVE-0-2020-26242)

    Vulnerability from nvd – Published: 2020-11-25 01:25 – Updated: 2024-08-04 15:56
    VLAI
    Title
    Denial of service in geth
    Summary
    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.
    CWE
    • Denial-of-service
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.9.18
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:56:03.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-jm5c-rv3w-w83m"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.9.18"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial-of-service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-25T01:25:15.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-jm5c-rv3w-w83m"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
            }
          ],
          "source": {
            "advisory": "GHSA-jm5c-rv3w-w83m",
            "discovery": "UNKNOWN"
          },
          "title": "Denial of service in geth",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-26242",
              "STATE": "PUBLIC",
              "TITLE": "Denial of service in geth"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "go-ethereum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.9.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ethereum"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial-of-service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-jm5c-rv3w-w83m",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-jm5c-rv3w-w83m"
                },
                {
                  "name": "https://blog.ethereum.org/2020/11/12/geth_security_release/",
                  "refsource": "MISC",
                  "url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-jm5c-rv3w-w83m",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-26242",
        "datePublished": "2020-11-25T01:25:15.000Z",
        "dateReserved": "2020-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:56:03.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-26241 (GCVE-0-2020-26241)

    Vulnerability from nvd – Published: 2020-11-25 01:25 – Updated: 2024-08-04 15:56
    VLAI
    Title
    Shallow copy bug in geth
    Summary
    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that writes X to an EVM memory region R, then calls 0x00..04 with R as an argument, then overwrites R to Y, and finally invokes the RETURNDATACOPY opcode. When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y. This is fixed in version 1.9.17.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: >= 1.9.7, < 1.9.17
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:56:03.871Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-69v6-xc2j-r2jf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.7, \u003c 1.9.17"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth\u0027s pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that writes X to an EVM memory region R, then calls 0x00..04 with R as an argument, then overwrites R to Y, and finally invokes the RETURNDATACOPY opcode. When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y. This is fixed in version 1.9.17."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-682",
                  "description": "CWE-682: Incorrect Calculation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-25T01:25:20.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-69v6-xc2j-r2jf"
            }
          ],
          "source": {
            "advisory": "GHSA-69v6-xc2j-r2jf",
            "discovery": "UNKNOWN"
          },
          "title": "Shallow copy bug in geth",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-26241",
              "STATE": "PUBLIC",
              "TITLE": "Shallow copy bug in geth"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "go-ethereum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e= 1.9.7, \u003c 1.9.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ethereum"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth\u0027s pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that writes X to an EVM memory region R, then calls 0x00..04 with R as an argument, then overwrites R to Y, and finally invokes the RETURNDATACOPY opcode. When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y. This is fixed in version 1.9.17."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-682: Incorrect Calculation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blog.ethereum.org/2020/11/12/geth_security_release/",
                  "refsource": "MISC",
                  "url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-69v6-xc2j-r2jf",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-69v6-xc2j-r2jf"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-69v6-xc2j-r2jf",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-26241",
        "datePublished": "2020-11-25T01:25:20.000Z",
        "dateReserved": "2020-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:56:03.871Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-26240 (GCVE-0-2020-26240)

    Vulnerability from nvd – Published: 2020-11-25 01:25 – Updated: 2024-08-04 15:56
    VLAI
    Title
    Erroneous Proof of Work calculation in geth
    Summary
    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.9.24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:56:04.861Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/pull/21793"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.9.24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-682",
                  "description": "CWE-682: Incorrect Calculation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-25T01:25:27.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/pull/21793"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0"
            }
          ],
          "source": {
            "advisory": "GHSA-v592-xf75-856p",
            "discovery": "UNKNOWN"
          },
          "title": "Erroneous Proof of Work calculation in geth",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-26240",
              "STATE": "PUBLIC",
              "TITLE": "Erroneous Proof of Work calculation in geth"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "go-ethereum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.9.24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ethereum"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-682: Incorrect Calculation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blog.ethereum.org/2020/11/12/geth_security_release/",
                  "refsource": "MISC",
                  "url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/pull/21793",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/pull/21793"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-v592-xf75-856p",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-26240",
        "datePublished": "2020-11-25T01:25:27.000Z",
        "dateReserved": "2020-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:56:04.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-26315 (GCVE-0-2026-26315)

    Vulnerability from cvelistv5 – Published: 2026-02-19 21:22 – Updated: 2026-02-20 15:42
    VLAI
    Title
    Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake
    Summary
    go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth. Geth maintainers recommend rotating the node key after applying the upgrade, which can be done by removing the file `<datadir>/geth/nodekey` before starting Geth.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.16.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26315",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-20T15:32:15.774857Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-20T15:42:16.395Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.16.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth. Geth maintainers recommend rotating the node key after applying the upgrade, which can be done by removing the file `\u003cdatadir\u003e/geth/nodekey` before starting Geth."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-203",
                  "description": "CWE-203: Observable Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T21:22:41.188Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-m6j8-rg6r-7mv8",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-m6j8-rg6r-7mv8"
            }
          ],
          "source": {
            "advisory": "GHSA-m6j8-rg6r-7mv8",
            "discovery": "UNKNOWN"
          },
          "title": "Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-26315",
        "datePublished": "2026-02-19T21:22:41.188Z",
        "dateReserved": "2026-02-13T16:27:51.807Z",
        "dateUpdated": "2026-02-20T15:42:16.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26314 (GCVE-0-2026-26314)

    Vulnerability from cvelistv5 – Published: 2026-02-19 21:15 – Updated: 2026-02-20 15:42
    VLAI
    Title
    Go Ethereum affected by DoS via malicious p2p message
    Summary
    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.16.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-20T15:32:18.591679Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-20T15:42:28.197Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.16.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T21:15:11.752Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-2gjw-fg97-vg3r",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-2gjw-fg97-vg3r"
            },
            {
              "name": "https://github.com/ethereum/go-ethereum/commit/895a8597cb16c02203e38707ed2d1da5c500fe60",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/commit/895a8597cb16c02203e38707ed2d1da5c500fe60"
            },
            {
              "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.16.9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.16.9"
            }
          ],
          "source": {
            "advisory": "GHSA-2gjw-fg97-vg3r",
            "discovery": "UNKNOWN"
          },
          "title": "Go Ethereum affected by DoS via malicious p2p message"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-26314",
        "datePublished": "2026-02-19T21:15:11.752Z",
        "dateReserved": "2026-02-13T16:27:51.807Z",
        "dateUpdated": "2026-02-20T15:42:28.197Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26313 (GCVE-0-2026-26313)

    Vulnerability from cvelistv5 – Published: 2026-02-19 21:07 – Updated: 2026-02-20 19:53
    VLAI
    Title
    Go Ethereum affected by DoS via malicious p2p message
    Summary
    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.17.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26313",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-20T19:51:54.100199Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-20T19:53:54.846Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.17.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T21:07:37.943Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-689v-6xwf-5jf3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-689v-6xwf-5jf3"
            },
            {
              "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.17.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.17.0"
            }
          ],
          "source": {
            "advisory": "GHSA-689v-6xwf-5jf3",
            "discovery": "UNKNOWN"
          },
          "title": "Go Ethereum affected by DoS via malicious p2p message"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-26313",
        "datePublished": "2026-02-19T21:07:37.943Z",
        "dateReserved": "2026-02-13T16:27:51.807Z",
        "dateUpdated": "2026-02-20T19:53:54.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22868 (GCVE-0-2026-22868)

    Vulnerability from cvelistv5 – Published: 2026-01-13 20:27 – Updated: 2026-01-14 23:26
    VLAI
    Title
    go-ethereum has a DoS via malicious p2p message
    Summary
    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.16.8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22868",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-14T23:25:57.688894Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-14T23:26:09.865Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.16.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T20:27:15.698Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-mq3p-rrmp-79jg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-mq3p-rrmp-79jg"
            },
            {
              "name": "https://github.com/ethereum/go-ethereum/commit/abeb78c647e354ed922726a1d719ac7bc64a07e2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/commit/abeb78c647e354ed922726a1d719ac7bc64a07e2"
            }
          ],
          "source": {
            "advisory": "GHSA-mq3p-rrmp-79jg",
            "discovery": "UNKNOWN"
          },
          "title": "go-ethereum has a DoS via malicious p2p message"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-22868",
        "datePublished": "2026-01-13T20:27:15.698Z",
        "dateReserved": "2026-01-12T16:20:16.747Z",
        "dateUpdated": "2026-01-14T23:26:09.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22862 (GCVE-0-2026-22862)

    Vulnerability from cvelistv5 – Published: 2026-01-13 20:27 – Updated: 2026-01-15 16:37
    VLAI
    Title
    go-ethereum has a DoS via malicious p2p message
    Summary
    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.16.8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-15T16:36:19.141646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-15T16:37:30.177Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.16.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T20:27:10.979Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-mr7q-c9w9-wh4h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-mr7q-c9w9-wh4h"
            },
            {
              "name": "https://github.com/ethereum/go-ethereum/commit/abeb78c647e354ed922726a1d719ac7bc64a07e2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/commit/abeb78c647e354ed922726a1d719ac7bc64a07e2"
            }
          ],
          "source": {
            "advisory": "GHSA-mr7q-c9w9-wh4h",
            "discovery": "UNKNOWN"
          },
          "title": "go-ethereum has a DoS via malicious p2p message"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-22862",
        "datePublished": "2026-01-13T20:27:10.979Z",
        "dateReserved": "2026-01-12T16:20:16.746Z",
        "dateUpdated": "2026-01-15T16:37:30.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-24883 (GCVE-0-2025-24883)

    Vulnerability from cvelistv5 – Published: 2025-01-30 15:58 – Updated: 2025-01-30 16:25
    VLAI
    Title
    go-ethereum has a DoS via malicious p2p message
    Summary
    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: >= 1.14.0, < 1.14.13
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24883",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-30T16:25:02.782529Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-30T16:25:15.290Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.14.0, \u003c 1.14.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248: Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-30T15:58:29.344Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-q26p-9cq4-7fc2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-q26p-9cq4-7fc2"
            },
            {
              "name": "https://github.com/ethereum/go-ethereum/commit/fa9a2ff8687ec9efe57b4b9833d5590d20f8a83f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/commit/fa9a2ff8687ec9efe57b4b9833d5590d20f8a83f"
            }
          ],
          "source": {
            "advisory": "GHSA-q26p-9cq4-7fc2",
            "discovery": "UNKNOWN"
          },
          "title": "go-ethereum has a DoS via malicious p2p message"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-24883",
        "datePublished": "2025-01-30T15:58:10.488Z",
        "dateReserved": "2025-01-27T15:32:29.450Z",
        "dateUpdated": "2025-01-30T16:25:15.290Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32972 (GCVE-0-2024-32972)

    Vulnerability from cvelistv5 – Published: 2024-05-06 14:26 – Updated: 2024-08-02 02:27
    VLAI
    Title
    go-ethereum denial of service via malicious p2p message
    Summary
    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.13.15
    Create a notification for this product.
    ethereum go_ethereum Affected: 0 , < 1.13.15 (custom)
        cpe:2.3:a:ethereum:go_ethereum:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ethereum:go_ethereum:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "go_ethereum",
                "vendor": "ethereum",
                "versions": [
                  {
                    "lessThan": "1.13.15",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32972",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T19:07:59.118874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:50:49.796Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:27:53.323Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652"
              },
              {
                "name": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.13.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-06T14:26:19.510Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652"
            },
            {
              "name": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15"
            }
          ],
          "source": {
            "advisory": "GHSA-4xc9-8hmq-j652",
            "discovery": "UNKNOWN"
          },
          "title": "go-ethereum denial of service via malicious p2p message"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-32972",
        "datePublished": "2024-05-06T14:26:19.510Z",
        "dateReserved": "2024-04-22T15:14:59.165Z",
        "dateUpdated": "2024-08-02T02:27:53.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40591 (GCVE-0-2023-40591)

    Vulnerability from cvelistv5 – Published: 2023-09-06 18:07 – Updated: 2024-09-26 15:19
    VLAI
    Title
    Denial of service via malicious p2p message in go-ethereum
    Summary
    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e, `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.12.1-stable
    Create a notification for this product.
    ethereum go_ethereum Affected: 0 , < 1.12.1-stable (custom)
        cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:38:50.931Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm"
              },
              {
                "name": "https://geth.ethereum.org/docs/developers/geth-developer/disclosures",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://geth.ethereum.org/docs/developers/geth-developer/disclosures"
              },
              {
                "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "go_ethereum",
                "vendor": "ethereum",
                "versions": [
                  {
                    "lessThan": "1.12.1-stable",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40591",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T14:47:36.804026Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T15:19:33.428Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.12.1-stable"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e, `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-06T18:07:20.899Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm"
            },
            {
              "name": "https://geth.ethereum.org/docs/developers/geth-developer/disclosures",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://geth.ethereum.org/docs/developers/geth-developer/disclosures"
            },
            {
              "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1"
            }
          ],
          "source": {
            "advisory": "GHSA-ppjg-v974-84cm",
            "discovery": "UNKNOWN"
          },
          "title": "Denial of service via malicious p2p message in go-ethereum"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-40591",
        "datePublished": "2023-09-06T18:07:20.899Z",
        "dateReserved": "2023-08-16T18:24:02.393Z",
        "dateUpdated": "2024-09-26T15:19:33.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29177 (GCVE-0-2022-29177)

    Vulnerability from cvelistv5 – Published: 2022-05-20 16:20 – Updated: 2025-04-23 18:24
    VLAI
    Title
    DoS via malicious p2p message in Go-Ethereum
    Summary
    Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.10.17
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:17:54.050Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/pull/24507"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-29177",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T14:07:11.628533Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T18:24:38.893Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.10.17"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-20T16:20:09.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/pull/24507"
            }
          ],
          "source": {
            "advisory": "GHSA-wjxw-gh3m-7pm5",
            "discovery": "UNKNOWN"
          },
          "title": "DoS via malicious p2p message in Go-Ethereum",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2022-29177",
              "STATE": "PUBLIC",
              "TITLE": "DoS via malicious p2p message in Go-Ethereum"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "go-ethereum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.10.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ethereum"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400: Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/pull/24507",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/pull/24507"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-wjxw-gh3m-7pm5",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2022-29177",
        "datePublished": "2022-05-20T16:20:10.000Z",
        "dateReserved": "2022-04-13T00:00:00.000Z",
        "dateUpdated": "2025-04-23T18:24:38.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41173 (GCVE-0-2021-41173)

    Vulnerability from cvelistv5 – Published: 2021-10-26 14:05 – Updated: 2024-08-04 02:59
    VLAI
    Title
    DoS via maliciously crafted p2p message
    Summary
    Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.10.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:59:31.575Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/pull/23801"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.10.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-26T14:05:12.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/pull/23801"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9"
            }
          ],
          "source": {
            "advisory": "GHSA-59hh-656j-3p7v",
            "discovery": "UNKNOWN"
          },
          "title": "DoS via maliciously crafted p2p message",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2021-41173",
              "STATE": "PUBLIC",
              "TITLE": "DoS via maliciously crafted p2p message"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "go-ethereum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.10.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ethereum"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20: Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/pull/23801",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/pull/23801"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-59hh-656j-3p7v",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-41173",
        "datePublished": "2021-10-26T14:05:12.000Z",
        "dateReserved": "2021-09-15T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:59:31.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39137 (GCVE-0-2021-39137)

    Vulnerability from cvelistv5 – Published: 2021-08-24 16:05 – Updated: 2024-08-04 01:58
    VLAI
    Title
    Consensus flaw during block processing in go-ethereum
    Summary
    go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available.
    CWE
    • CWE-436 - Interpretation Conflict
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: >= 1.10.0, < 1.10.8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:58:17.913Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmq"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.10.0, \u003c 1.10.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-436",
                  "description": "CWE-436: Interpretation Conflict",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-24T16:05:10.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmq"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8"
            }
          ],
          "source": {
            "advisory": "GHSA-9856-9gg9-qcmq",
            "discovery": "UNKNOWN"
          },
          "title": "Consensus flaw during block processing in go-ethereum",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2021-39137",
              "STATE": "PUBLIC",
              "TITLE": "Consensus flaw during block processing in go-ethereum"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "go-ethereum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e= 1.10.0, \u003c 1.10.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ethereum"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-436: Interpretation Conflict"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmq",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmq"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-9856-9gg9-qcmq",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-39137",
        "datePublished": "2021-08-24T16:05:10.000Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:58:17.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-26264 (GCVE-0-2020-26264)

    Vulnerability from cvelistv5 – Published: 2020-12-11 16:45 – Updated: 2024-08-04 15:56
    VLAI
    Title
    LES Server DoS via GetProofsV2
    Summary
    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.9.25
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:56:04.248Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/pull/21896"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.25"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.9.25"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T16:45:24.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/pull/21896"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.25"
            }
          ],
          "source": {
            "advisory": "GHSA-r33q-22hv-j29q",
            "discovery": "UNKNOWN"
          },
          "title": "LES Server DoS via GetProofsV2",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-26264",
              "STATE": "PUBLIC",
              "TITLE": "LES Server DoS via GetProofsV2"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "go-ethereum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.9.25"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ethereum"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400 Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/pull/21896",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/pull/21896"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.25",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.25"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-r33q-22hv-j29q",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-26264",
        "datePublished": "2020-12-11T16:45:24.000Z",
        "dateReserved": "2020-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:56:04.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-26265 (GCVE-0-2020-26265)

    Vulnerability from cvelistv5 – Published: 2020-12-11 16:45 – Updated: 2024-08-04 15:56
    VLAI
    Title
    Consensus flaw during block processing
    Summary
    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: >= 1.9.4, < 1.9.20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:56:03.493Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.4, \u003c 1.9.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-682",
                  "description": "CWE-682 Incorrect Calculation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T16:45:15.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20"
            }
          ],
          "source": {
            "advisory": "GHSA-xw37-57qp-9mm4",
            "discovery": "UNKNOWN"
          },
          "title": "Consensus flaw during block processing",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-26265",
              "STATE": "PUBLIC",
              "TITLE": "Consensus flaw during block processing"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "go-ethereum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e= 1.9.4, \u003c 1.9.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ethereum"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-682 Incorrect Calculation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-xw37-57qp-9mm4",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-26265",
        "datePublished": "2020-12-11T16:45:15.000Z",
        "dateReserved": "2020-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:56:03.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-26240 (GCVE-0-2020-26240)

    Vulnerability from cvelistv5 – Published: 2020-11-25 01:25 – Updated: 2024-08-04 15:56
    VLAI
    Title
    Erroneous Proof of Work calculation in geth
    Summary
    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    ethereum go-ethereum Affected: < 1.9.24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:56:04.861Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/pull/21793"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "go-ethereum",
              "vendor": "ethereum",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.9.24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-682",
                  "description": "CWE-682: Incorrect Calculation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-25T01:25:27.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/pull/21793"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0"
            }
          ],
          "source": {
            "advisory": "GHSA-v592-xf75-856p",
            "discovery": "UNKNOWN"
          },
          "title": "Erroneous Proof of Work calculation in geth",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-26240",
              "STATE": "PUBLIC",
              "TITLE": "Erroneous Proof of Work calculation in geth"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "go-ethereum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.9.24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ethereum"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-682: Incorrect Calculation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blog.ethereum.org/2020/11/12/geth_security_release/",
                  "refsource": "MISC",
                  "url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/pull/21793",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/pull/21793"
                },
                {
                  "name": "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0",
                  "refsource": "MISC",
                  "url": "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-v592-xf75-856p",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-26240",
        "datePublished": "2020-11-25T01:25:27.000Z",
        "dateReserved": "2020-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:56:04.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }