Go Ethereum LES protocol implementation vulnerable to Denial of Service

The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum aka geth before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip...

Integer overflow

The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum aka geth before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip...

CVE-2018-12018

The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum aka geth before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip...

CVE-2018-12018

CVE-2018-12018 affects Go Ethereum (geth) LES GetBlockHeadersMsg handling prior to v1.8.11. An integer signedness error for the array index allows a crafted query with Skip = -1 to crash a remote node (EPoD). The vulnerability occurs when the server validates the requested headers after skipping ...