Lucene search

K

16 matches found

CVE
CVE
added 2022/08/05 9:15 p.m.97 views

CVE-2022-37450

Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022.

5.9CVSS5.6AI score0.003EPSS
CVE
CVE
added 2022/03/04 12:15 p.m.86 views

CVE-2022-23327

A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service (DoS).

7.5CVSS7.2AI score0.00505EPSS
CVE
CVE
added 2022/05/20 5:15 p.m.77 views

CVE-2022-29177

Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that a...

5.9CVSS5.5AI score0.00317EPSS
CVE
CVE
added 2021/08/24 4:15 p.m.73 views

CVE-2021-39137

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a late...

7.5CVSS6.7AI score0.0039EPSS
CVE
CVE
added 2020/11/25 2:15 a.m.65 views

CVE-2020-26240

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-...

7.5CVSS5.9AI score0.00269EPSS
CVE
CVE
added 2023/09/06 7:15 p.m.64 views

CVE-2023-40591

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version 1.12.1-stable, i.e, 1.12.2-unsta...

7.5CVSS7.4AI score0.00259EPSS
CVE
CVE
added 2020/11/25 2:15 a.m.63 views

CVE-2020-26241

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x00...04) contract di...

7.1CVSS6.3AI score0.00208EPSS
CVE
CVE
added 2020/11/25 2:15 a.m.63 views

CVE-2020-26242

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.

7.5CVSS6.7AI score0.00509EPSS
CVE
CVE
added 2020/12/11 5:15 p.m.62 views

CVE-2020-26264

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabli...

6.5CVSS6.3AI score0.00519EPSS
CVE
CVE
added 2021/10/26 2:15 p.m.60 views

CVE-2021-41173

Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from ...

5.7CVSS5.5AI score0.00237EPSS
CVE
CVE
added 2025/01/30 4:15 p.m.60 views

CVE-2025-24883

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13.

8.7CVSS6.4AI score0.00014EPSS
CVE
CVE
added 2024/05/06 3:15 p.m.55 views

CVE-2024-32972

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version 1.13.15 ...

7.5CVSS6.6AI score0.0077EPSS
CVE
CVE
added 2023/10/18 6:15 a.m.45 views

CVE-2023-42319

Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile cl...

7.5CVSS7.3AI score0.0051EPSS
CVE
CVE
added 2018/07/05 2:29 a.m.43 views

CVE-2018-12018

The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip ...

7.5CVSS7.4AI score0.1185EPSS
CVE
CVE
added 2018/09/08 3:29 p.m.42 views

CVE-2018-16733

In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.

7.5CVSS7.5AI score0.00237EPSS
CVE
CVE
added 2020/12/11 5:15 p.m.37 views

CVE-2020-26265

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade rele...

5.3CVSS5.2AI score0.00183EPSS