Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-4xc9-8hmq-j652: go-ethereum vulnerable to DoS via malicious p2p message

Impact

A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node.

More in-depth details will be released at a later time.

Patches

The fix has been included in geth version 1.13.15 and onwards.

Workarounds

No workarounds have been made public.

References

No more information is released at this time.

Credit

This bug was responsibly disclosed by DongHan Kim via the Ethereum big bounty program, for which we’re very grateful!

ghsa
Open in Source

Impact

A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node.

More in-depth details will be released at a later time.

Patches

The fix has been included in geth version 1.13.15 and onwards.

Workarounds

No workarounds have been made public.

References

No more information is released at this time.

Credit

This bug was responsibly disclosed by DongHan Kim via the Ethereum big bounty program, for which we’re very grateful!

References

ghsa: Latest News

GHSA-9x4v-xfq5-m8x5: Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting)
ghsa