Lucene search
GoogleOSV:CVE-2023-40591HistorySep 06, 2023 - 7:15 p.m.
CVE-2023-40591
2023-09-0619:15:44
Google
osv.dev
8
cve-2023-40591
ethereum protocol
vulnerable node
memory consumption
p2p messages
attacker node
upgrade
no known workarounds
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version 1.12.1-stable, i.e, 1.12.2-unstable and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Related
cvelist
cvelist
CVE-2023-40591 Denial of service via malicious p2p message in go-ethereum
2023-09-06 18:07:20
nvd
nvd
CVE-2023-40591
2023-09-06 19:15:44
cve
cve
CVE-2023-40591
2023-09-06 19:15:44
veracode
veracode
Memory Exhaustion
2023-09-11 07:28:09
github
github
Go-Ethereum vulnerable to denial of service via malicious p2p message
2023-09-06 19:49:46
osv
osv
Unbounded memory consumption in github.com/ethereum/go-ethereum
2023-10-25 18:06:33
Go-Ethereum vulnerable to denial of service via malicious p2p message
2023-09-06 19:49:46
prion
prion
Design/Logic Flaw
2023-09-06 19:15:00