Security
Headlines

Headline

GHSA-q26p-9cq4-7fc2: Go Ethereum vulnerable to DoS via malicious p2p message

Impact

A vulnerable node can be forced to shutdown/crash using a specially crafted message.

More in-depth details will be released at a later time.

Patches

A fix has been included in geth version 1.14.13 and onwards.

Workarounds

Unfortunately, no workaround is available.

Credits

This issue was originally reported to Polygon Security by David Matosse (@iam-ned).

  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2025-24883

Go Ethereum vulnerable to DoS via malicious p2p message

Moderate severity GitHub Reviewed Published Jan 30, 2025 in ethereum/go-ethereum • Updated Jan 30, 2025

Package

gomod github.com/ethereum/go-ethereum (Go)

Affected versions

>= 1.14.0, < 1.14.13

Impact

A vulnerable node can be forced to shutdown/crash using a specially crafted message.

More in-depth details will be released at a later time.

Patches

A fix has been included in geth version 1.14.13 and onwards.

Workarounds

Unfortunately, no workaround is available.

Credits

This issue was originally reported to Polygon Security by David Matosse (@iam-ned).

References

  • GHSA-q26p-9cq4-7fc2

Published to the GitHub Advisory Database

Jan 30, 2025

Last updated

Jan 30, 2025

ghsa: Latest News

We use cookies to provide necessary website functionality, and improve your user experience. By using the website, you agree to Privacy Policy and cookies usage.