Lucene search

Veracode Vulnerability DatabaseVERACODE:46791

HistoryMay 07, 2024 - 7:26 p.m.

Resource Exhaustion

2024-05-0719:26:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

go-ethereum

geth

resource exhaustion

vulnerability

crafted p2p messages

memory consumption

attacker node

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

go-ethereum (geth) is vulnerable to a Resource Exhaustion. The vulnerability is due to a lack of proper handling of specially crafted p2p messages sent from an attacker node, causing vulnerable nodes to consume excessive amounts of memory.

CPENameOperatorVersion
github.com/ethereum/go-ethereumlev1.13.14
github.com/ethereum/go-ethereumlev1.13.14

CPE	Name	Operator	Version
	github.com/ethereum/go-ethereum	le	v1.13.14
	github.com/ethereum/go-ethereum	le	v1.13.14

References

github.com/ethereum/go-ethereum/commit/ae3b7a0b6592d0df8b38ef6084c0f8024c739738

github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15

github.com/ethereum/go-ethereum/issues/29709

github.com/ethereum/go-ethereum/pull/28954

github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VERACODE:46791