Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory location with a large index number, as demonstrated by use of “assembly { mstore }” followed by a “c[0xC800000] = 0xFF” assignment.
CPE | Name | Operator | Version |
---|---|---|---|
go-ethereum | eq | 0.9.25 | |
go-ethereum | eq | 1.7.3 | |
go-ethereum | eq | 0.6.8 | |
go-ethereum | eq | 0.6.7 | |
go-ethereum | eq | 0.6.5 | |
go-ethereum | eq | 1.5.3 | |
go-ethereum | eq | 0.8.5 | |
go-ethereum | eq | 0.9.24 | |
go-ethereum | eq | 1.8.11 | |
go-ethereum | eq | 1.6.2 |