Описание
Go Ethereum affected by DoS via malicious p2p message
Impact
A vulnerable node can be forced to shutdown/crash using a specially crafted message. More details to be released later.
Patches
The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth.
Credit
This issue was reported to the Ethereum Foundation Bug Bounty Program by Waleed Ahmed from vulsight.com
Ссылки
- https://github.com/ethereum/go-ethereum/security/advisories/GHSA-2gjw-fg97-vg3r
- https://nvd.nist.gov/vuln/detail/CVE-2026-26314
- https://github.com/ethereum/go-ethereum/commit/895a8597cb16c02203e38707ed2d1da5c500fe60
- https://github.com/ethereum/go-ethereum/releases/tag/v1.16.9
- https://pkg.go.dev/vuln/GO-2026-4507
Пакеты
Наименование
github.com/ethereum/go-ethereum
go
Затронутые версииВерсия исправления
<= 1.16.8
1.16.9
Связанные уязвимости
CVSS3: 7.5
nvd
около 1 месяца назад
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth.
CVSS3: 7.5
debian
около 1 месяца назад
go-ethereum (geth) is a golang execution layer implementation of the E ...