Lucene search

44 matches found

OSV
added 2026/02/24 11:10 p.m. | 4 views

GO-2026-4511 Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake in github.com/ethereum/go-ethereum

Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake in github.com/ethereum/go-ethereum...

7.5 CVSS | 5.4 AI score | 0.00028 EPSS
Exploits 0 | References 4

RedhatCVE
added 2026/02/21 1:30 a.m. | 2 views

CVE-2026-26315

go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...

7.5 CVSS | 5.6 AI score | 0.00028 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/02/19 9:22 p.m. | 6 views

CVE-2026-26315 Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake

go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...

6.9 CVSS | 5.7 AI score | 0.00028 EPSS
Exploits 0 | References 1

CVE
added 2026/02/19 9:22 p.m. | 8 views

CVE-2026-26315

Go Ethereum (Geth) before v1.16.9 is affected by a flaw in the ECIES cryptography implementation that can allow an attacker to extract bits of the p2p node key. The issue is fixed in v1.16.9 and v1.17.0. After upgrading, rotate the node key by removing the file /geth/nodekey before restarting Get...

7.5 CVSS | 5.7 AI score | 0.00028 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2026/02/19 9:22 p.m. | 7 views

CVE-2026-26315 Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake

go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...

6.9 CVSS | 5.7 AI score | 0.00028 EPSS
Exploits 0 | References 3

Github Security Blog
added 2026/02/18 10:36 p.m. | 18 views

Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake

Impact: Through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. Patches: The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth. We recommend rotating the node key after applying the upgrade, which can be done by removing the...

7.5 CVSS | 5.5 AI score | 0.00028 EPSS
Exploits 0 | References 7 | Affected Software 1

Snyk
added 2026/02/18 10:36 p.m. | 3 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure in the GenerateShared function in ecies.go. An attacker can extract bits of the p2p node key during an RLPx handshake by sending a series of malicious ephemeral public keys and inferring the validity of bits based o...

7.5 CVSS | 5.6 AI score | 0.00028 EPSS
Exploits 0 | References 2

Positive Technologies
added 2026/02/17 12:0 a.m. | 7 views

PT-2026-20349

Name of the Vulnerable Software and Affected Versions: go-ethereum Geth versions prior to 1.16.9; go-ethereum Geth version 1.17.0. Description: A flaw exists in the ECIES cryptography implementation within go-ethereum Geth that could allow an attacker to extract bits of the p2p node key. The issue is...

9.9 CVSS | 5.2 AI score | 0.00733 EPSS
Exploits 44 | References 121

Positive Technologies
added 2026/02/17 12:0 a.m. | 5 views

PT-2026-20348

Name of the Vulnerable Software and Affected Versions: go-ethereum geth versions prior to 1.16.9. Description: go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shut down or crash remotely without requiring login through the use ...

9.9 CVSS | 7.2 AI score | 0.00408 EPSS
Exploits 16 | References 126

Snyk
added 2026/01/13 9:55 p.m. | 3 views

Uncaught Exception

Overview: Affected versions of this package are vulnerable to Uncaught Exception in the handling of failed KZG verification for p2p messages. An attacker can cause a node to shut down or crash by sending a specially crafted message. Remediation: Upgrade github.com/ethereum/go-ethereum/crypto/ecies ...

7.5 CVSS | 6.8 AI score | 0.0005 EPSS
Exploits 0 | References 2

Snyk
added 2026/01/13 9:55 p.m. | 2 views

Uncaught Exception

Overview: Affected versions of this package are vulnerable to Uncaught Exception in the handling of failed KZG verification for p2p messages. An attacker can cause a node to shut down or crash by sending a specially crafted message. Remediation: Upgrade github.com/ethereum/go-ethereum/crypto/ecies ...

7.5 CVSS | 6.8 AI score | 0.0005 EPSS
Exploits 0 | References 2

RedhatCVE
added 2026/01/09 9:28 a.m. | 6 views

CVE-2023-49292

ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If functions Encapsulate, Decapsulate and ECDH could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade...

4.9 CVSS | 6.7 AI score | 0.00187 EPSS
Exploits 1 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-0703

Malware in sbrugna...

7.4 CVSS | 7.5 AI score | 0.00388 EPSS
Exploits 0 | References 12

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-0562

Malware in sbrugna...

5.9 CVSS | 6.7 AI score | 0.00802 EPSS
Exploits 0 | References 15

Microsoft CVE
added 2025/09/04 11:54 a.m. | 3 views

Possible private key restoration in go package github.com/ecies/go

...

4.9 CVSS | 7 AI score | 0.00187 EPSS
Exploits 1

OSV
added 2023/12/11 3:30 p.m. | 18 views

GO-2023-2380 Private key recovery via invalid curve point in github.com/ecies/go/v2

An attacker may be able to recover private keys due to a bug in the ECDH function. The library does not check whether the provided public key is on the curve, which means that an attacker can create a public key that is not on the curve and use it to recover the private key. A workaround is to...

4.9 CVSS | 4.8 AI score | 0.00187 EPSS
Exploits 1 | References 3

OSV
added 2023/12/05 11:30 p.m. | 17 views

GHSA-8J98-CJFR-QX3H github.com/ecies/go vulnerable to possible private key restoration

Impact: If functions Encapsulate, Decapsulate and ECDH could be called by an attacker, he could recover any private key that he interacts with. Patches: Patched in v2.0.8. Workarounds: You could manually check public key by calling IsOnCurve function from secp256k1 libraries. References...

8.1 CVSS | 4.9 AI score | 0.00187 EPSS
Exploits 1 | References 6

NVD
added 2023/12/05 12:15 a.m. | 8 views

CVE-2023-49292

ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If functions Encapsulate, Decapsulate and ECDH could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade...

4.9 CVSS | 0.00187 EPSS
Exploits 1 | References 4

OSV
added 2023/12/05 12:15 a.m. | 1 views

AZL-37392 CVE-2023-49292 affecting package golang for versions less than 1.21.6-1

ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If functions Encapsulate, Decapsulate and ECDH could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade...

4.8 CVSS | 5.7 AI score | 0.00187 EPSS
Exploits 1 | References 1

OSV
added 2023/12/05 12:15 a.m. | 2 views

AZL-78898 CVE-2023-49292 affecting package golang 1.25.7-1

ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If functions Encapsulate, Decapsulate and ECDH could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade...

4.8 CVSS | 5.7 AI score | 0.00187 EPSS
Exploits 1 | References 1