Headline
GHSA-q26p-9cq4-7fc2: Go Ethereum vulnerable to DoS via malicious p2p message
Impact
A vulnerable node can be forced to shut down or crash using a specially crafted message.
More in-depth details will be released at a later time.
Patches
A fix has been included in geth version 1.14.13 and onwards.
Workarounds
Unfortunately, no workaround is available.
Credits
This issue was originally reported to Polygon Security by David Matosse (@iam-ned).
- CVE-2025-24883
Moderate severity • GitHub Reviewed • Published Jan 30, 2025 in ethereum/go-ethereum • Updated Jan 30, 2025
Package
gomod github.com/ethereum/go-ethereum (Go)
Affected versions
>= 1.14.0, < 1.14.13
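The affected range above can be checked against the version string found on a go.mod require line. The following Go program is an added example, not code from the advisory or from go-ethereum; the function names and sample versions are constructed here, and it assumes that a pre-release or pseudo-version of 1.14.13 still counts as in range because it sorts before the tagged release.

```go
package main

import (
	"fmt"
	"strings"
)

// Module path and affected range (>= 1.14.0, < 1.14.13) come from the advisory.
const gethModule = "github.com/ethereum/go-ethereum"

// key parses a go.mod version into {major, minor, patch, release}; release is
// 0 for a pre-release or pseudo-version, so it sorts before the tagged release.
func key(v string) (k [4]int, ok bool) {
	v, _, _ = strings.Cut(strings.TrimPrefix(v, "v"), "+") // drop build metadata
	v, _, pre := strings.Cut(v, "-")                       // split off any pre-release part
	if _, err := fmt.Sscanf(v, "%d.%d.%d", &k[0], &k[1], &k[2]); err != nil {
		return k, false
	}
	if !pre {
		k[3] = 1
	}
	return k, true
}

// less compares two keys lexicographically.
func less(a, b [4]int) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

// Affected reports whether module version v lies in the advisory's range.
func Affected(v string) bool {
	k, ok := key(v)
	return ok && !less(k, [4]int{1, 14, 0, 1}) && less(k, [4]int{1, 14, 13, 1})
}

func main() {
	// Constructed sample versions, in the form used on go.mod require lines.
	for _, v := range []string{
		"v1.13.15", "v1.14.0", "v1.14.12", "v1.14.13",
		"v1.14.13-0.20241120000000-abcdef123456", // pseudo-version, sorts before the tag
	} {
		fmt.Println(gethModule, v, "affected:", Affected(v))
	}
}
```

A go.mod `replace` directive changes which code is actually built, so a replaced go-ethereum module needs a separate review of the fork's own version.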
References
- GHSA-q26p-9cq4-7fc2
Published to the GitHub Advisory Database
Jan 30, 2025
Last updated
Jan 30, 2025