110 matches found
go-ethereum vulnerable to denial of service via crafted GraphQL query
Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...
Code injection
Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...
CVE-2023-42319
Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...
Geth Security Breach
Geth is a library in the Geth open source. A security vulnerability exists in Geth 1.13.4 and earlier versions that stems from allowing an attacker to cause a denial of service DOS via a specially crafted graphql query...
CVE-2023-42319
CVE-2023-42319 affects Geth (go-ethereum) up to v1.13.4 when running with --http and --graphql. The vulnerability allows remote attackers to trigger a denial of service by sending a crafted GraphQL query, leading to memory exhaustion and a daemon hang. The issue is a DoS condition caused by how t...
CVE-2023-42319
Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...
CVE-2023-42319
Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...
GHSA-PPJG-V974-84CM Go-Ethereum vulnerable to denial of service via malicious p2p message
Impact A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. Details The p2p handler spawned a new goroutine to respond to ping requests. By flooding a node with ping requests, an unbounded number of goroutin...
CVE-2023-40591 Denial of service via malicious p2p message in go-ethereum
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version 1.12.1-stable, i.e,...
CVE-2023-40591
Summary: Go-Ethereum (geth) vulnerable to Denial of Service via unbounded memory consumption when processing specially crafted p2p messages from an attacker node. The root cause is memory exhaustion triggered by handling crafted p2p messages; a vulnerable node can allocate unbounded memory, poten...
Chain split caused by memory corruption in EVM
Lines of code Vulnerability details Chain split caused by memory corruption in EVM We recently found that the op-geth@3fa9e81 repository has a memory corruption vulnerability in EVM, which can cause a consensus error. Specifically, vulnerable nodes obtain a different stateRoot when processing a...
Frontier's modexp precompile is slow for even modulus
Impact Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost...
GHSA-FCMM-54JP-7VF6 Frontier's modexp precompile is slow for even modulus
Impact Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost...
SUSE CVE-2020-26264
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly...
SUSE CVE-2020-26265
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade...
The vulnerability of the Geth client library of the Ethereum programming language GO in Go Ethereum allows a hacker to trigger a service failure.
The vulnerability of the Geth client library for the Ethereum protocol, written in the Go programming language, is related to the occurrence of interpretation conflicts. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Go Ethereum allows attackers to use manipulation of time-difference values to achieve replacement of main-chain blocks
Go Ethereum aka geth through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making RUM, as exploited in the wild in 2020 through 2022...
Design/Logic Flaw
Go Ethereum aka geth through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making RUM, as exploited in the wild in 2020 through 2022...
CVE-2022-37450
Go Ethereum aka geth through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making RUM, as exploited in the wild in 2020 through 2022...
CVE-2022-37450
Go Ethereum (geth)