Lucene search
+L

110 matches found

Github Security Blog
Github Security Blog
added 2023/10/18 6:30 a.m.39 views

go-ethereum vulnerable to denial of service via crafted GraphQL query

Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...

7.5CVSS6.6AI score0.00887EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2023/10/18 6:15 a.m.26 views

Code injection

Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...

5CVSS7.3AI score0.00887EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/18 12:0 a.m.15 views

CVE-2023-42319

Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...

6.8AI score0.00887EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/10/18 12:0 a.m.7 views

Geth Security Breach

Geth is a library in the Geth open source. A security vulnerability exists in Geth 1.13.4 and earlier versions that stems from allowing an attacker to cause a denial of service DOS via a specially crafted graphql query...

7.5CVSS6.6AI score0.00887EPSS
Exploits1References3
CVE
CVE
added 2023/10/18 12:0 a.m.65 views

CVE-2023-42319

CVE-2023-42319 affects Geth (go-ethereum) up to v1.13.4 when running with --http and --graphql. The vulnerability allows remote attackers to trigger a denial of service by sending a crafted GraphQL query, leading to memory exhaustion and a daemon hang. The issue is a DoS condition caused by how t...

7.5CVSS7.3AI score0.00887EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/10/18 12:0 a.m.40 views

CVE-2023-42319

Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...

7.5AI score0.00887EPSS
Exploits1References2
OSV
OSV
added 2023/10/18 12:0 a.m.12 views

CVE-2023-42319

Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...

7.5CVSS7.1AI score0.00887EPSS
Exploits1References4
OSV
OSV
added 2023/09/06 7:49 p.m.18 views

GHSA-PPJG-V974-84CM Go-Ethereum vulnerable to denial of service via malicious p2p message

Impact A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. Details The p2p handler spawned a new goroutine to respond to ping requests. By flooding a node with ping requests, an unbounded number of goroutin...

7.5CVSS7.3AI score0.00981EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/09/06 6:7 p.m.38 views

CVE-2023-40591 Denial of service via malicious p2p message in go-ethereum

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version 1.12.1-stable, i.e,...

7.5CVSS7.7AI score0.00981EPSS
Exploits0References3
CVE
CVE
added 2023/09/06 6:7 p.m.81 views

CVE-2023-40591

Summary: Go-Ethereum (geth) vulnerable to Denial of Service via unbounded memory consumption when processing specially crafted p2p messages from an attacker node. The root cause is memory exhaustion triggered by handling crafted p2p messages; a vulnerable node can allocate unbounded memory, poten...

7.5CVSS7.4AI score0.00981EPSS
Exploits0References3Affected Software1
Code423n4
Code423n4
added 2023/06/04 12:0 a.m.85 views

Chain split caused by memory corruption in EVM

Lines of code Vulnerability details Chain split caused by memory corruption in EVM We recently found that the op-geth@3fa9e81 repository has a memory corruption vulnerability in EVM, which can cause a consensus error. Specifically, vulnerable nodes obtain a different stateRoot when processing a...

5CVSS7AI score0.01527EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/03/21 10:31 p.m.34 views

Frontier's modexp precompile is slow for even modulus

Impact Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost...

7.5CVSS7.1AI score0.00873EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/03/21 10:31 p.m.75 views

GHSA-FCMM-54JP-7VF6 Frontier's modexp precompile is slow for even modulus

Impact Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost...

7.5CVSS7.4AI score0.00873EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.4 views

SUSE CVE-2020-26264

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly...

6.5CVSS6.5AI score0.01864EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.9 views

SUSE CVE-2020-26265

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade...

5.3CVSS5.4AI score0.00909EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/09/21 12:0 a.m.7 views

The vulnerability of the Geth client library of the Ethereum programming language GO in Go Ethereum allows a hacker to trigger a service failure.

The vulnerability of the Geth client library for the Ethereum protocol, written in the Go programming language, is related to the occurrence of interpretation conflicts. Exploiting this vulnerability can allow a malicious actor to cause service failures...

6.8CVSS7.2AI score0.01527EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/08/06 12:0 a.m.36 views

Go Ethereum allows attackers to use manipulation of time-difference values to achieve replacement of main-chain blocks

Go Ethereum aka geth through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making RUM, as exploited in the wild in 2020 through 2022...

5.9CVSS5.7AI score0.01005EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2022/08/05 9:15 p.m.23 views

Design/Logic Flaw

Go Ethereum aka geth through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making RUM, as exploited in the wild in 2020 through 2022...

2.6CVSS5.7AI score0.01005EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/08/05 8:30 p.m.22 views

CVE-2022-37450

Go Ethereum aka geth through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making RUM, as exploited in the wild in 2020 through 2022...

5.9CVSS5.7AI score0.01005EPSS
Exploits1References6
CVE
CVE
added 2022/08/05 8:30 p.m.115 views

CVE-2022-37450

Go Ethereum (geth)

5.9CVSS5.6AI score0.01005EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder