33 matches found
SUSE CVE-2026-26315
go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...
CVE-2026-26315
go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...
CVE-2026-26315
go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...
CVE-2026-26315 Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake
go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...
CVE-2026-26315 Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake
go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...
CVE-2026-26315
go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...
CVE-2026-26315 Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake
go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...
Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake
Impact Through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. Patches The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth. We recommend rotating the node key after applying the upgrade, which can be done by removing the...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure in the GenerateShared function in ecies.go. An attacker can extract bits of the p2p node key during an RLPx handshake by sending a series of malicious ephemeral public keys and inferring the validity of bits based o...
GHSA-M6J8-RG6R-7MV8 Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake
Impact Through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. Patches The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth. We recommend rotating the node key after applying the upgrade, which can be done by removing the...
PT-2026-20349
Name of the Vulnerable Software and Affected Versions go-ethereum Geth versions prior to 1.16.9 go-ethereum Geth version 1.17.0 Description A flaw exists in the ECIES cryptography implementation within go-ethereum Geth that could allow an attacker to extract bits of the p2p node key. The issue is...
PT-2026-20348
Name of the Vulnerable Software and Affected Versions go-ethereum geth versions prior to 1.16.9 Description go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shut down or crash remotely without requiring login through the use ...
CVE-2020-7627
node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...
EUVD-2022-0824
Malicious code in bioql PyPI...
CVE-2021-21296
Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. This is possible only while a live query is currently ongoing. We believe the...
MAL-2025-3909 Malicious code in node-key (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d894e13997a3447157053a61e14cc048c98503520390bb08ae197e303ec8dfa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in node-key (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d894e13997a3447157053a61e14cc048c98503520390bb08ae197e303ec8dfa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2396 Malicious code in node-key-lister (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f8413c7c25ae9c9e0b081bebc1c89bec76f5966b57a9fa2dacfe631523a106f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in node-key-lister (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f8413c7c25ae9c9e0b081bebc1c89bec76f5966b57a9fa2dacfe631523a106f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-4XRW-WVMQ-8JMH OS Command Injection in node-key-sender
node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...