CVE-2021-41173

Опубликовано: 26 окт. 2021

Источник: nvd

CVSS3: 5.7

CVSS2: 3.5

EPSS Низкий

Описание

Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.

Ссылки

https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738
Patch
Third Party Advisory
https://github.com/ethereum/go-ethereum/pull/23801
Patch
Third Party Advisory
https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9
Release Notes
Third Party Advisory
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v
Third Party Advisory
https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738
Patch
Third Party Advisory
https://github.com/ethereum/go-ethereum/pull/23801
Patch
Third Party Advisory
https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9
Release Notes
Third Party Advisory
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*

Версия до 1.10.9 (исключая)

EPSS

Процентиль: 39%

0.00175

Низкий

5.7 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-20

NVD-CWE-noinfo

Связанные уязвимости

CVE-2021-41173

CVSS3: 5.7

debian

больше 4 лет назад

Go Ethereum is the official Golang implementation of the Ethereum prot ...

GHSA-59hh-656j-3p7v

CVSS3: 5.7

github

больше 4 лет назад

Geth Node Vulnerable to DoS via maliciously crafted p2p message

EPSS

Процентиль: 39%

0.00175

Низкий

5.7 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-20

NVD-CWE-noinfo