CVE-2021-43668: Nodes crash down after receiving a serial of messages generated by fuzzer, and cannot be recovered · Issue #23866 · ethereum/go-ethereum

Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a series of messages and cannot be recovered. They crash with “runtime error: invalid memory address or nil pointer dereference” and raise a SEGV signal.


System information

Geth version: 1.10.9-unstable-9ada4a2e-20210910
OS & Version: MacOS
Network: Private test net

Expected behaviour

Node syncs blocks in the private net.

Actual behaviour

Node crashed with “runtime error: invalid memory address or nil pointer dereference”

Steps to reproduce the behaviour

  1. Set up 10 private geth nodes locally.
  2. Set up a fuzzing node that continually sends fuzzed messages to the other 10 normal geth nodes.
  3. After more than 24 hours of fuzzing, one of the geth nodes, which was running in fast mode, crashed.
    The command used to run the node is: ./build/bin/geth --identity "ETH-node10" --datadir "node10" --ethash.dagdir "node10" --port "30312" --maxpeers 15 --networkid 10086 --syncmode "fast" --bootnodes "enode://e71bec68f09c4b9567bd4575d855ea61b179b1d64e6f78c861ebddf3783178f95edaaf39647c1f792bc654d0931ad25415d50c25c437787183c0b0a32a76da85@127.0.0.1:0?discport=30301" --mine --miner.etherbase 0xd192415624a039b24ad571f96cb438de9f0556a7 --miner.threads 1 console

Backtrace

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x43195ff]

goroutine 1 [running]:
github.com/syndtr/goleveldb/leveldb/table.(*Reader).newBlockIter(0xc00031b520, 0xc00033c440, 0x0, 0x0, 0x0, 0x1, 0x0)
    github.com/syndtr/[email protected]/leveldb/table/reader.go:734 +0xbf
github.com/syndtr/goleveldb/leveldb/table.NewReader(0x67d22e8, 0xc00038c198, 0x23b, 0x4, 0x8, 0xc000322630, 0xc0001cd180, 0xc0001cd040, 0x0, 0x0, ...)
    github.com/syndtr/[email protected]/leveldb/table/reader.go:1085 +0x648
github.com/syndtr/goleveldb/leveldb.(*tOps).open.func1(0xc000581a70, 0xc0002ee100, 0xc0002ee0c0)
    github.com/syndtr/[email protected]/leveldb/table.go:428 +0x1cb
github.com/syndtr/goleveldb/leveldb/cache.(*Cache).Get(0xc0002ee100, 0x0, 0x8, 0xc000152b90, 0x0)
    github.com/syndtr/[email protected]/leveldb/cache/cache.go:388 +0x28a
github.com/syndtr/goleveldb/leveldb.(*tOps).open(0xc000581b60, 0xc00030c370, 0x437fa69, 0x0, 0x0)
    github.com/syndtr/[email protected]/leveldb/table.go:415 +0x86
github.com/syndtr/goleveldb/leveldb.(*tOps).find(0xc000581b60, 0xc00030c370, 0xc0001a7c08, 0x12, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
    github.com/syndtr/[email protected]/leveldb/table.go:445 +0x90
github.com/syndtr/goleveldb/leveldb.(*version).get.func1(0x0, 0xc00030c370, 0xc0001a7c08)
    github.com/syndtr/[email protected]/leveldb/version.go:180 +0x465
github.com/syndtr/goleveldb/leveldb.(*version).walkOverlapping(0xc0001ae5a0, 0x0, 0x0, 0x0, 0xc0001a7c08, 0x12, 0x12, 0xc000152ed8, 0xc000152ea8)
    github.com/syndtr/[email protected]/leveldb/version.go:119 +0x29d
github.com/syndtr/goleveldb/leveldb.(*version).get(0xc0001ae5a0, 0x0, 0x0, 0x0, 0xc0001a7c08, 0x12, 0x12, 0x0, 0x0, 0x0, ...)
    github.com/syndtr/[email protected]/leveldb/version.go:164 +0x2f1
github.com/syndtr/goleveldb/leveldb.(*DB).get(0xc0001d6000, 0x0, 0x0, 0x0, 0x0, 0xc0002ea6a0, 0xa, 0x10, 0x3e137, 0x0, ...)
    github.com/syndtr/[email protected]/leveldb/db.go:785 +0x385
github.com/syndtr/goleveldb/leveldb.(*DB).Get(0xc0001d6000, 0xc0002ea6a0, 0xa, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    github.com/syndtr/[email protected]/leveldb/db.go:851 +0x13b
github.com/ethereum/go-ethereum/ethdb/leveldb.(*Database).Get(0xc00064a100, 0xc0002ea6a0, 0xa, 0x10, 0x7735940005e39400, 0xc000195020, 0xc0005921c0, 0x0, 0x0)
    github.com/ethereum/go-ethereum/ethdb/leveldb/leveldb.go:190 +0x5a
github.com/ethereum/go-ethereum/core/rawdb.NewDatabaseWithFreezer(0x54c0b58, 0xc00064a100, 0xc0001aa6c0, 0x34, 0x525effa, 0x11, 0x410e500, 0xc00064a100, 0x0, 0x0, ...)
    github.com/ethereum/go-ethereum/core/rawdb/database.go:159 +0xd5
github.com/ethereum/go-ethereum/core/rawdb.NewLevelDBDatabaseWithFreezer(0xc0000417d0, 0x2c, 0x800, 0x1400, 0xc0001aa6c0, 0x34, 0x525effa, 0x11, 0x0, 0x7b, ...)
    github.com/ethereum/go-ethereum/core/rawdb/database.go:245 +0xf4
github.com/ethereum/go-ethereum/node.(*Node).OpenDatabaseWithFreezer(0xc00047e1a0, 0x5256ae7, 0x9, 0x800, 0x1400, 0x0, 0x0, 0x525effa, 0x11, 0x0, ...)
    github.com/ethereum/go-ethereum/node/node.go:602 +0x33c
github.com/ethereum/go-ethereum/eth.New(0xc00047e1a0, 0xc000355500, 0xc0002d67b8, 0xc000130af0, 0x47c6dd0)
    github.com/ethereum/go-ethereum/eth/backend.go:130 +0x311
github.com/ethereum/go-ethereum/cmd/utils.RegisterEthService(0xc00047e1a0, 0xc000355500, 0xf, 0x0, 0x1)
    github.com/ethereum/go-ethereum/cmd/utils/flags.go:1687 +0x225
main.makeFullNode(0xc0001d22c0, 0x525450d, 0x1, 0xc0001ac010)
    github.com/ethereum/go-ethereum/cmd/geth/config.go:162 +0x14e
main.geth(0xc0001d22c0, 0x0, 0x0)
    github.com/ethereum/go-ethereum/cmd/geth/main.go:311 +0xf4
gopkg.in/urfave/cli%2ev1.HandleAction(0x500f800, 0x5339c80, 0xc0001d22c0, 0xc0000a76e0, 0x0)
    gopkg.in/urfave/[email protected]/app.go:490 +0x82
gopkg.in/urfave/cli%2ev1.(*App).Run(0xc0001981a0, 0xc000194180, 0x3, 0x3, 0x0, 0x0)
    gopkg.in/urfave/[email protected]/app.go:264 +0x5f5
main.main()
    github.com/ethereum/go-ethereum/cmd/geth/main.go:254 +0x55
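
A triage helper for backtraces like the one above, added here as an example (it is not code from the issue or from go-ethereum). It reads the panicking goroutine of a Go crash dump and reports the faulting frame, the first frame inside the application's import path, and whether the stack is the main goroutine rooted at main.main, as it is in this report, where the panic sits under OpenDatabaseWithFreezer while the node opens its database. The names Triage, Report and Startup are assumptions of this example, and sampleTrace is an abridged copy of the issue's trace.

```go
package main

import (
	"fmt"
	"strings"
)

// sampleTrace is abridged from the issue's backtrace (arguments shortened, file rows dropped).
const sampleTrace = `panic: runtime error: invalid memory address or nil pointer dereference
goroutine 1 [running]:
github.com/syndtr/goleveldb/leveldb/table.(*Reader).newBlockIter(0xc00031b520, 0x0)
github.com/ethereum/go-ethereum/ethdb/leveldb.(*Database).Get(0xc00064a100)
github.com/ethereum/go-ethereum/node.(*Node).OpenDatabaseWithFreezer(0xc00047e1a0)
main.main()
`

// Report holds the panicking goroutine's header and its top, first-application and root frames.
type Report struct{ Goroutine, Fault, FirstApp, Root string }
// Startup reports whether the crash was on the main goroutine, rooted at main.main.
func (r Report) Startup() bool { return strings.HasPrefix(r.Goroutine, "goroutine 1 ") && r.Root == "main.main" }

// Triage parses the first goroutine in a Go crash dump; appPrefix is the application's import path.
func Triage(trace, appPrefix string) (r Report) {
	for _, line := range strings.Split(trace, "\n") {
		open := strings.LastIndex(line, "(")
		switch {
		case r.Goroutine == "": // panic preamble: wait for the first goroutine header
			if strings.HasPrefix(line, "goroutine ") {
				r.Goroutine = strings.TrimSuffix(line, ":")
			}
		case line == "":
			return r // a blank line ends the panicking goroutine's stack
		case open <= 0 || line[0] == ' ' || line[0] == '\t' || strings.HasPrefix(line, "created by "): // not a frame row
		default:
			fn := line[:open] // function name without its argument list
			if r.Fault == "" {
				r.Fault = fn // top frame: where the nil dereference happened
			}
			if r.FirstApp == "" && strings.HasPrefix(fn, appPrefix) {
				r.FirstApp = fn // deepest frame in the application's own code
			}
			r.Root = fn // overwritten until the last frame, the stack's root
		}
	}
	return r
}

func main() {
	fmt.Printf("%+v\n", Triage(sampleTrace, "github.com/ethereum/go-ethereum/"))
}
```

A crash whose Startup() is true and whose FirstApp is on the database-open path will recur on every restart with the same data directory, which matches the "cannot be recovered" behaviour reported here.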
