20 matches found
CVE-2026-26313 Go Ethereum affected by DoS via malicious p2p message
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release...
CVE-2026-26313
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release...
PT-2026-20349
Name of the Vulnerable Software and Affected Versions go-ethereum Geth versions prior to 1.16.9 go-ethereum Geth version 1.17.0 Description A flaw exists in the ECIES cryptography implementation within go-ethereum Geth that could allow an attacker to extract bits of the p2p node key. The issue is...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the handling of failed KZG verification for p2p messages. An attacker can cause a node to shut down or crash by sending a specially crafted message. Remediation Upgrade github.com/ethereum/go-ethereum/crypto/ecies ...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the handling of failed KZG verification for p2p messages. An attacker can cause a node to shut down or crash by sending a specially crafted message. Remediation Upgrade github.com/ethereum/go-ethereum/core/txpool t...
EUVD-2022-5589
Malicious code in bioql PyPI...
EUVD-2024-1428
Malicious code in bioql PyPI...
EUVD-2023-2566
Malicious code in bioql PyPI...
CVE-2022-29177
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that...
CVE-2024-32972
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version 1.13.15...
CVE-2024-47130 Missing Authentication for Critical Function in goTenna Pro
The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. It is advised to update your app to the current release for enhanced encryption protocols...
Resource Exhaustion
go-ethereum geth is vulnerable to a Resource Exhaustion. The vulnerability is due to a lack of proper handling of specially crafted p2p messages sent from an attacker node, causing vulnerable nodes to consume excessive amounts of memory...
CVE-2024-32972 go-ethereum denial of service via malicious p2p message
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version 1.13.15...
Resource Exhaustion
Overview Affected versions of this package are vulnerable to Resource Exhaustion when handling specially crafted p2p messages. A vulnerable node can be made to consume very large amounts of memory. Remediation Upgrade github.com/microstack-tech/parallax/core/rawdb to version 0.1.4 or higher...
Memory Exhaustion
go-ethereum is vulnerable to a memory consumption. The vulnerability is due to a node which can be made to consume unbounded amounts of memory when handling a malicious crafted p2p messages sent from an attacker node. The attacker could use this issue to cause memory exhaustion leading to Denial ...
Design/Logic Flaw
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version 1.12.1-stable, i.e,...
CVE-2023-40591 Denial of service via malicious p2p message in go-ethereum
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version 1.12.1-stable, i.e,...
CVE-2022-29177 DoS via malicious p2p message in Go-Ethereum
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that...
CVE-2022-29177
CVE-2022-29177 affects the Go Ethereum (go-ethereum) client. Before version 1.10.17, a node configured with high verbosity logging could crash when processing specially crafted p2p messages from a attacker node. A patch in v1.10.17 addresses the issue; as a workaround, setting the log level to IN...
PT-2022-19431 · Unknown · Go-Ethereum
Name of the Vulnerable Software and Affected Versions: Go Ethereum versions prior to 1.10.17 Description: A vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Recommendations: For versions pri...