Lucene search

GitHub_MVULNRICHMENT:CVE-2024-32972

HistoryMay 06, 2024 - 2:26 p.m.

CVE-2024-32972 go-ethereum denial of service via malicious p2p message

2024-05-0614:26:19

CWE-400

GitHub_M

github.com

cve-2024-32972

go-ethereum

denial of service

ethereum protocol

p2p messages

memory consumption

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version 1.13.15 and onwards.

CNA Affected

[
  {
    "vendor": "ethereum",
    "product": "go-ethereum",
    "versions": [
      {
        "version": "< 1.13.15",
        "status": "affected"
      }
    ]
  }
]

References

github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15

github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-32972