Описание
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.9.25 (исключая)
cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00487
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-400
CWE-400
Связанные уязвимости
CVSS3: 6.5
debian
около 5 лет назад
Go Ethereum, or "Geth", is the official Golang implementation of the E ...
CVSS3: 6.5
github
больше 4 лет назад
Denial of service in github.com/ethereum/go-ethereum
EPSS
Процентиль: 65%
0.00487
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-400
CWE-400