CVE-2024-32972
Published 2024-05-06
Priority: P340 | Severity: high | CVSS 3.1 base score: 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.85% (53.4th percentile)
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ethereum | go-ethereum | < 1.13.15 | 1.13.15 |
| github.com | ethereum_go-ethereum | >= 0 < 1.13.15 | 1.13.15 |
OSV · 2024-05-08 · CVE-2024-32972: Denial of Service in github.com/ethereum/go-ethereum
A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. This can result in a denial of service as the node runs out of memory.
GHSA · 2024-05-06 · CVE-2024-32972 [HIGH] CWE-400: go-ethereum vulnerable to DoS via malicious p2p message
### Impact
A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node.
In order to carry out the attack, the attacker establishes a peer connection to the victim and sends a malicious `GetBlockHeadersRequest` message with a `count` of `0` over the `ETH` protocol.
In `descendants := chain.GetHeadersFrom(num+count-1, count-1)`, the value of `count-1` is passed to the function `GetHeadersFrom(number, count uint64)` as the `count` parameter. Because `count` is an unsigned 64-bit integer, `0 - 1` wraps around, so `UINT64_MAX` is passed as the `count` argument to `GetHeadersFrom(number, count uint64)`. This allows the attacker to bypass `maxHeadersServe` and request all headers from
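The following is an added example, not code from go-ethereum or the advisory. It models the arithmetic the advisory quotes with a toy in-memory chain: `getHeadersFrom` walks backwards from a block number and returns up to `count` headers, the vulnerable handler applies the `maxHeadersServe` clamp and then computes `num+count-1` and `count-1` without rejecting `count == 0`, and the hardened handler rejects a zero `count` before any subtraction. The chain, the `maxHeadersServe` value, and the handler names are assumptions for this model; the point it shows is that the clamp alone does not bound the response once the subtraction has wrapped.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// maxHeadersServe mirrors the cap named in the advisory; the value here is an
// assumption for this model, not geth's constant.
const maxHeadersServe = 1024

// Header is a stand-in for a block header; only the number matters here.
type Header struct{ Number uint64 }

// chain is a constructed toy chain of sequential headers (block 0 .. length-1).
type chain struct{ headers []Header }

func newChain(length uint64) *chain {
	c := &chain{headers: make([]Header, length)}
	for i := range c.headers {
		c.headers[i].Number = uint64(i)
	}
	return c
}

// getHeadersFrom models GetHeadersFrom(number, count): it walks backwards from
// `number` and returns up to `count` headers, stopping at genesis. A huge count
// therefore costs a buffer proportional to the chain height, not to count.
func (c *chain) getHeadersFrom(number, count uint64) []Header {
	var out []Header
	for n := number; count > 0 && n < uint64(len(c.headers)); n, count = n-1, count-1 {
		out = append(out, c.headers[n])
		if n == 0 {
			break // reached genesis; do not let n wrap below zero
		}
	}
	return out
}

// serveDescendantsVulnerable reproduces the quoted expression: the clamp runs
// first, but count == 0 still makes count-1 wrap to math.MaxUint64, so the
// backwards walk from num-1 returns every header down to genesis.
func (c *chain) serveDescendantsVulnerable(num, count uint64) []Header {
	if count > maxHeadersServe {
		count = maxHeadersServe
	}
	return c.getHeadersFrom(num+count-1, count-1)
}

// serveDescendantsHardened rejects a zero count before any subtraction, so the
// response stays bounded by maxHeadersServe. (One possible check; geth's own
// fix in 1.13.15 may be shaped differently.)
func (c *chain) serveDescendantsHardened(num, count uint64) ([]Header, error) {
	if count == 0 {
		return nil, errors.New("invalid header request: count must be at least 1")
	}
	if count > maxHeadersServe {
		count = maxHeadersServe
	}
	return c.getHeadersFrom(num+count-1, count-1), nil
}

func main() {
	var zero uint64
	fmt.Println("count-1 with count == 0 wraps to MaxUint64:", zero-1 == math.MaxUint64)

	c := newChain(5000) // constructed toy chain of 5000 blocks
	got := c.serveDescendantsVulnerable(4000, 0)
	fmt.Printf("vulnerable: count=0 served %d headers (cap is %d)\n", len(got), maxHeadersServe)

	if _, err := c.serveDescendantsHardened(4000, 0); err != nil {
		fmt.Println("hardened:", err)
	}
	ok, _ := c.serveDescendantsHardened(10, 5)
	fmt.Printf("hardened: count=5 served %d descendant headers of block 10\n", len(ok))
}
```

Running this serves 4000 headers for the zero-count request against the vulnerable handler (the whole chain below block 4000), while the hardened handler refuses it and still serves 4 descendants for a normal `count` of 5.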
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-05-06