Lucene search
GoogleOSV:CVE-2020-26264HistoryDec 11, 2020 - 5:15 p.m.
CVE-2020-26264
2020-12-1117:15:12
Google
osv.dev
3
Go Ethereum, or “Geth”, is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25.
| CPE | Name | Operator | Version |
|---|---|---|---|
| go-ethereum | eq | poc5-rc6 | |
| go-ethereum | eq | 0.5.13 | |
| go-ethereum | eq | 0.9.17 | |
| go-ethereum | eq | 1.9.11 | |
| go-ethereum | eq | 0.9.38 | |
| go-ethereum | eq | 2 | |
| go-ethereum | eq | 0.9.18 | |
| go-ethereum | eq | 1.9.0 | |
| go-ethereum | eq | 1.0.1 | |
| go-ethereum | eq | 0.6.5-1 |
Related
prion
prion
Denial of service
2020-12-11 17:15:00
osv
osv
Denial of service in github.com/ethereum/go-ethereum
2021-06-29 21:14:07
github
github
Denial of service in github.com/ethereum/go-ethereum
2021-06-29 21:14:07
nvd
nvd
CVE-2020-26264
2020-12-11 17:15:12
cve
cve
CVE-2020-26264
2020-12-11 17:15:12
veracode
veracode
Denial Of Service (DoS)
2024-02-06 07:36:59
cvelist
cvelist
CVE-2020-26264 LES Server DoS via GetProofsV2
2020-12-11 16:45:24