Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-WJXW-GH3M-7PM5
HistoryMay 24, 2022 - 8:54 p.m.

DoS via malicious p2p message in Go Ethereum

2022-05-2420:54:55
Google
osv.dev
12
dos
malicious p2p message
go ethereum
vulnerability
crash
logging
attacker
node
patch
workaround
bounty
médecins sans frontières
issue
advisory

EPSS

0.001

Percentile

39.2%

JSON

Impact

A vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node.

Patches

The following PR addresses the problem: https://github.com/ethereum/go-ethereum/pull/24507

Workarounds

Aside from applying the PR linked above, setting loglevel to default level (INFO) makes the node not vulnerable to this attack.

Credits

This bug was reported by nrv via [email protected], who has gracefully requested that the bounty rewards be donated to Médecins sans frontières.

For more information

If you have any questions or comments about this advisory:

Related

cve 1
osv 2
nvd 1
github 1
cvelist 1
veracode 1
prion 1
cve
cve
CVE-2022-29177
2022-05-20 17:15:07
osv
osv
DoS via malicious p2p message in Go Ethereum in github.com/ethereum/go-ethereum
2024-08-21 15:11:31
CVE-2022-29177
2022-05-20 17:15:07
nvd
nvd
CVE-2022-29177
2022-05-20 17:15:07
github
github
DoS via malicious p2p message in Go Ethereum
2022-05-24 20:54:55
cvelist
cvelist
CVE-2022-29177 DoS via malicious p2p message in Go-Ethereum
2022-05-20 16:20:10
veracode
veracode
Denial Of Service (DoS)
2022-05-23 09:09:12
prion
prion
Design/Logic Flaw
2022-05-20 17:15:00

EPSS

0.001

Percentile

39.2%

JSON
Related for OSV:GHSA-WJXW-GH3M-7PM5
cve1osv2nvd1github1cvelist1veracode1prion1