CVE-2020-28362 — Improper Certificate Validation in Ethereum Go-ethereum

CWE-295 — Improper Certificate Validation11 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 62.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Ethereum Go-ethereum Golang GO Fedoraproject Fedora

Timeline

PublishedNov 18

Latest updateAug 21

Description

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDgolang/go1.15 — 1.15.5+1

▶Gogithub.com/ethereum_go-ethereum< 1.9.24

Also affects: Fedora 32, 33

🔴Vulnerability Details

OSV

Denial of service in go-ethereum due to CVE-2020-28362 in github.com/ethereum/go-ethereum↗2024-08-21

▶

GHSA

GHSA-gff4-9rfx-4pcw: Go before 1↗2022-05-24

▶

GHSA

Denial of service in go-ethereum due to CVE-2020-28362↗2021-06-29

▶

OSV

Denial of service in go-ethereum due to CVE-2020-28362↗2021-06-29

▶

OSV

Panic during division of very large numbers in math/big↗2021-04-14

▶

📋Vendor Advisories

Red Hat

golang: math/big: panic during recursive division of very large numbers↗2020-11-12

▶

Microsoft

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.↗2020-11-10

▶

Debian

CVE-2020-28362: golang-1.15 - Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.↗2020

▶