Lucene search

Veracode Vulnerability DatabaseVERACODE:45362

HistoryFeb 06, 2024 - 7:36 a.m.

Denial Of Service (DoS)

2024-02-0607:36:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

vulnerability

les server

ethereum

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.3%

JSON

github.com/ethereum/go-ethereum is vulnerable to github.com/ethereum/go-ethereum. The vulnerability is caused by a malicious GetProofsV2 request from a connected LES client. The vulnerability only concerns for users using the LES server.

CPENameOperatorVersion
github.com/ethereum/go-ethereumlev1.9.24
github.com/ethereum/go-ethereumlev1.9.24

CPE	Name	Operator	Version
	github.com/ethereum/go-ethereum	le	v1.9.24
	github.com/ethereum/go-ethereum	le	v1.9.24

References

github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46

github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.3%

JSON

Related for VERACODE:45362