Description
Denial of service in github.com/ethereum/go-ethereum
Impact
A DoS vulnerability can make a LES server crash via a malicious GetProofsV2 request from a connected LES client.
Patches
The vulnerability was patched in https://github.com/ethereum/go-ethereum/pull/21896.
Workarounds
This vulnerability only concerns users who explicitly enable the LES server; disabling LES prevents the exploit.
It can also be patched by manually applying the patch in https://github.com/ethereum/go-ethereum/pull/21896.
For more information
If you have any questions or comments about this advisory:
- Open an issue in go-ethereum
- Email us at security@ethereum.org
References
- https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q
- https://nvd.nist.gov/vuln/detail/CVE-2020-26264
- https://github.com/ethereum/go-ethereum/pull/21896
- https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46
- https://github.com/ethereum/go-ethereum/releases/tag/v1.9.25
- https://pkg.go.dev/vuln/GO-2021-0063
Packages
- github.com/ethereum/go-ethereum: affected versions < 1.9.25, fixed in 1.9.25
Related vulnerabilities
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25, a denial-of-service vulnerability can make a LES server crash via a malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users who explicitly enable the LES server; disabling LES prevents the exploit. The vulnerability was patched in version 1.9.25.