2 matches found
CVE-2023-42319
Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...
CVE-2023-42319
CVE-2023-42319 affects Geth (go-ethereum) up to v1.13.4 when running with --http and --graphql. The vulnerability allows remote attackers to trigger a denial of service by sending a crafted GraphQL query, leading to memory exhaustion and a daemon hang. The issue is a DoS condition caused by how t...