CVE-2022-29177

DoS via malicious p2p message in Go-Ethereum

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack.

Go Ethereum es la implementación oficial en Golang del protocolo Ethereum. En versiones anteriores a 1.10.17, un nodo vulnerable, si está configurado para usar un registro de alta verbosidad, puede ser hecho caer cuando maneja mensajes p2p especialmente diseñados enviados desde un nodo atacante. La versión 1.10.17 contiene un parche que aborda el problema. Como mitigación, establecer el nivel de registro al nivel por defecto ("INFO") hace que el nodo no sea vulnerable a este ataque

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-04-13 CVE Reserved
2022-05-20 CVE Published
2023-12-11 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://github.com/ethereum/go-ethereum/pull/24507	2022-06-06
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5	2022-06-06

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ethereum Search vendor "Ethereum"		Go Ethereum Search vendor "Ethereum" for product "Go Ethereum"				< 1.10.17 Search vendor "Ethereum" for product "Go Ethereum" and version " < 1.10.17"		-		Affected