Headline
GHSA-ppjg-v974-84cm: Go-Ethereum vulnerable to denial of service via malicious p2p message
Impact
A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node.
Details about this bug will be released within 4-8 weeks, as per our official vulnerability disclosure policy.
Patches
The fix is included in geth version 1.12.1-stable, i.e., 1.12.2-unstable and onwards.
Workarounds
No known workarounds.
Credits
This bug was reported by Patrick McHardy via [email protected].
Package
gomod github.com/ethereum/go-ethereum (Go)
Affected versions
< 1.12.1-stable
Patched versions
1.12.1-stable
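A check for the affected range above, as an added example that is not part of the advisory or of go-ethereum's code. The function name `Affected` is hypothetical, and the sample strings are constructed in the shape geth reports as its client version.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// verRe finds a geth version at the start of the string or after a "/",
// so the trailing Go toolchain field ("go1.20.3") is never mistaken for it.
var verRe = regexp.MustCompile(`(?:^|/)v?(\d+)\.(\d+)\.(\d+)(?:-(stable|unstable))?`)

// patched is the first fixed release named in the advisory: 1.12.1-stable.
var patched = [3]int{1, 12, 1}

// Affected reports whether s names a geth build older than 1.12.1-stable.
// ok is false when s carries no recognisable version.
func Affected(s string) (affected, ok bool) {
	m := verRe.FindStringSubmatch(s)
	if m == nil {
		return false, false
	}
	for i, want := range patched {
		got, err := strconv.Atoi(m[i+1])
		if err != nil {
			return false, false
		}
		if got != want {
			return got < want, true
		}
	}
	// Same number as the fixed release. Assumption: geth's -unstable builds
	// precede the -stable release of that number, so 1.12.1-unstable is
	// treated as affected (generic semver ordering would rank it as newer).
	return m[4] == "unstable", true
}

func main() {
	// Constructed sample strings (commit ids are placeholders).
	for _, s := range []string{
		"Geth/v1.12.0-stable-00000000/linux-amd64/go1.20.3",
		"Geth/v1.12.1-unstable-00000000/linux-amd64/go1.20.3",
		"Geth/v1.12.1-stable-00000000/linux-amd64/go1.20.3",
		"1.12.2-unstable",
	} {
		affected, ok := Affected(s)
		fmt.Printf("%-55s affected=%v parsed=%v\n", s, affected, ok)
	}
}
```

Strings that yield `ok == false` should be reviewed by hand rather than counted as patched.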
References
- GHSA-ppjg-v974-84cm
- https://geth.ethereum.org/docs/developers/geth-developer/disclosures
- https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1
holiman published to ethereum/go-ethereum
Sep 6, 2023
Published to the GitHub Advisory Database
Sep 6, 2023
Reviewed
Sep 6, 2023
Last updated
Sep 6, 2023
Related news
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e., `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.