CVE-2021-42219

Опубликовано: 17 мар. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go.

Ссылки

https://docs.google.com/document/d/1dYFSpNZPC0OV-n1mMqdc269u9yYU1XQy/edit?usp=sharing&ouid=112110745137218798745&rtpof=true&sd=true
Exploit
Third Party Advisory
https://docs.google.com/document/d/1dYFSpNZPC0OV-n1mMqdc269u9yYU1XQy/edit?usp=sharing&ouid=112110745137218798745&rtpof=true&sd=true
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ethereum:go_ethereum:1.10.9:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00433

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2021-42219

CVSS3: 7.5

debian

почти 4 года назад

Go-Ethereum v1.10.9 was discovered to contain an issue which allows at ...

GHSA-vrcc-g6vj-mh5w

CVSS3: 7.5

github

почти 4 года назад

Denial of service in go-ethereum

EPSS

Процентиль: 62%

0.00433

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo