Page 2 of 18 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service (DoS). Un fallo de diseño en Go-Ethereum versiones 1.10.12 y versiones anteriores, permite a un nodo atacante enviar 5120 transacciones futuras con un precio de gas elevado en un solo mensaje, lo que puede purgar todas las transacciones pendientes en el pool de memoria de un nodo víctima, causando una denegación de servicio (DoS) • http://ethereum.com http://go-ethereum.com https://dl.acm.org/doi/pdf/10.1145/3460120.3485369 https://tristartom.github.io/docs/ccs21.pdf •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference" and arise a SEGV signal. Los nodos de Go-Ethereum 1.10.9 son bloqueados (denegación de servicio) después de recibir una serie de mensajes y no pueden recuperarse. Serán bloqueados con "runtime error: invalid memory address or nil pointer dereference" y surgirá una señal SEGV. • https://github.com/ethereum/go-ethereum/issues/23866 • CWE-476: NULL Pointer Dereference •

CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0

Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading. Go Ethereum es la implementación oficial en Golang del protocolo Ethereum. • https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738 https://github.com/ethereum/go-ethereum/pull/23801 https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9 https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available. go-ethereum es la implementación oficial Go del protocolo Ethereum. • https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8 https://github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmq • CWE-436: Interpretation Conflict •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25. Go Ethereum, o "Geth", es la implementación oficial de Golang del protocolo Ethereum. • https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46 https://github.com/ethereum/go-ethereum/pull/21896 https://github.com/ethereum/go-ethereum/releases/tag/v1.9.25 https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q • CWE-400: Uncontrolled Resource Consumption •