CVE-2023-40591
published 2023-09-06

Priority: P3 40, high, 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.98% (57.8th percentile)

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e., `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected

4 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ethereum | go-ethereum | < 1.12.1-stable | 1.12.1-stable |
| ethereum | go_ethereum | >= 1.10.0 < 1.12.1 | 1.12.1 |
| github.com | ethereum_go-ethereum | >= 0 < 1.12.1 | 1.12.1 |
| github.com | ethereum_go-ethereum | >= 0 < 1.12.1-stable | 1.12.1-stable |