CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32972 – go-ethereum denial of service via malicious p2p message
https://notcve.org/view.php?id=CVE-2024-32972
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards. go-ethereum (geth) es una implementación de la capa de ejecución golang del protocolo Ethereum. Antes de 13.01.15, se podía hacer que un nodo vulnerable consumiera cantidades muy grandes de memoria al manejar mensajes p2p especialmente manipulados enviados desde un nodo atacante. La solución se incluyó en la versión geth `1.13.15` y posteriores. • https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15 https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42319
https://notcve.org/view.php?id=CVE-2023-42319
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic. Geth (también conocido como go-ethereum) hasta 1.13.4, cuando se usa --http --graphql, permite a atacantes remotos provocar una Denegación de Servicio (consumo de memoria y bloqueo del daemon) a través de una consulta GraphQL manipulada. NOTA: la posición del proveedor es que "el endpoint Graphql [no está] diseñado para resistir ataques de clientes hostiles ni para manejar grandes cantidades de clientes/tráfico. • https://blog.mevsec.com/posts/geth-dos-with-graphql https://geth.ethereum.org/docs/fundamentals/security •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36980
https://notcve.org/view.php?id=CVE-2023-36980
An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 cause the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold. Un problema en Ethereum Blockchain v0.1.1+commit.6ff4cd6 hace que el saldo se ponga a cero cuando el valor de betsize+casino.balance excede el umbral. • https://etherscan.io https://github.com/WayneLi12/CVEs/tree/master/CVE-2023-36980 • CWE-682: Incorrect Calculation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40591 – Denial of service via malicious p2p message in go-ethereum
https://notcve.org/view.php?id=CVE-2023-40591
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e, `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability. go-ethereum (geth) es una implementación de la capa de ejecución golang del protocolo Ethereum. • https://geth.ethereum.org/docs/developers/geth-developer/disclosures https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1 https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1930 – ReDoS in eth-account encode_structured_data function
https://notcve.org/view.php?id=CVE-2022-1930
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method Una ReDoS exponencial (Denegación de Servicio por Expresión Regular) puede ser desencadenada en el paquete PyPI eth-account, cuando un atacante es capaz de suministrar una entrada arbitraria al método encode_structured_data • https://research.jfrog.com/vulnerabilities/eth-account-redos-xray-248681 • CWE-1333: Inefficient Regular Expression Complexity •