CVE-2018-20421Allocation of Resources Without Limits or Throttling in GO Ethereum

CWE-770Allocation of Resources Without Limits or Throttling3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 43.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ethereum GO Ethereum
Timeline
PublishedDec 24
Latest updateMay 13

Description

Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory location with a large index number, as demonstrated by use of "assembly { mstore }" followed by a "c[0xC800000] = 0xFF" assignment.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-5g4w-3m99-4m2p: Go Ethereum (aka geth) 12022-05-13
CVEList
CVE-2018-20421: Go Ethereum (aka geth) 12018-12-24
CVE-2018-20421 — Ethereum GO Ethereum vulnerability | cvebase