CVE-2023-40591

Опубликовано: 06 сент. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version 1.12.1-stable, i.e, 1.12.2-unstable and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Ссылки

https://geth.ethereum.org/docs/developers/geth-developer/disclosures
Product
https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1
Release Notes
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm
Third Party Advisory
https://geth.ethereum.org/docs/developers/geth-developer/disclosures
Product
https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1
Release Notes
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*

Версия от 1.10.0 (включая) до 1.12.1 (исключая)

EPSS

Процентиль: 54%

0.00315

Низкий

7.5 High

CVSS3

Дефекты

CWE-400

Связанные уязвимости

CVE-2023-40591

CVSS3: 7.5

debian

больше 2 лет назад

go-ethereum (geth) is a golang execution layer implementation of the E ...

GHSA-ppjg-v974-84cm

CVSS3: 7.5

github

больше 2 лет назад

Go-Ethereum vulnerable to denial of service via malicious p2p message

EPSS

Процентиль: 54%

0.00315

Низкий

7.5 High

CVSS3

Дефекты

CWE-400