GHSA-mq3p-rrmp-79jg

Опубликовано: 13 янв. 2026

Источник: github

Github: Прошло ревью

CVSS4: 7.1

Описание

go-ethereum is vulnerable to high CPU usage leading to DoS via malicious p2p message

Impact

An attacker can cause high CPU usage by sending a specially crafted p2p message. More details to be released later.

Credit

This issue was reported to the Ethereum Foundation Bug Bounty Program by @Yenya030

Ссылки

Пакеты

Наименование

github.com/ethereum/go-ethereum

Затронутые версииВерсия исправления

<= 1.16.7

1.16.8

EPSS

Процентиль: 27%

0.00098

Низкий

7.1 High

CVSS4

CVE ID

CVE-2026-22868

Дефекты

CWE-20

CWE-400

Связанные уязвимости

CVE-2026-22868

CVSS3: 7.5

nvd

25 дней назад

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8.

CVE-2026-22868

CVSS3: 7.5

debian

25 дней назад

go-ethereum (geth) is a golang execution layer implementation of the E ...

EPSS

Процентиль: 27%

0.00098

Низкий

7.1 High

CVSS4

CVE ID

CVE-2026-22868

Дефекты

CWE-20

CWE-400