CVE-2022-29177

Опубликовано: 20 мая 2022

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (INFO) makes the node not vulnerable to this attack.

Ссылки

https://github.com/ethereum/go-ethereum/pull/24507
Patch
Third Party Advisory
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5
Patch
Third Party Advisory
https://github.com/ethereum/go-ethereum/pull/24507
Patch
Third Party Advisory
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*

Версия до 1.10.17 (исключая)

EPSS

Процентиль: 62%

0.00433

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-400

NVD-CWE-noinfo

Связанные уязвимости

CVE-2022-29177

CVSS3: 5.9

debian

больше 3 лет назад

Go Ethereum is the official Golang implementation of the Ethereum prot ...

GHSA-wjxw-gh3m-7pm5

CVSS3: 5.9

github

больше 3 лет назад

DoS via malicious p2p message in Go Ethereum

EPSS

Процентиль: 62%

0.00433

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-400

NVD-CWE-noinfo