CVE-2025-24883 — Uncaught Exception in Ethereum Go-ethereum

CWE-248 — Uncaught Exception CWE-20 — Improper Input Validation5 documents4 sources

Severity

8.7HIGHNVD

EPSS

0.0%

top 88.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Ethereum Go-ethereum Ethereum Go-ethereum

Timeline

PublishedJan 30

Latest updateFeb 4

Description

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶Gogithub.com/ethereum_go-ethereum1.14.0 — 1.14.13

▶CVEListV5ethereum/go-ethereum>= 1.14.0, < 1.14.13

🔴Vulnerability Details

OSV

Go Ethereum vulnerable to DoS via malicious p2p message in github.com/ethereum/go-ethereum↗2025-02-04

▶

OSV

Go Ethereum vulnerable to DoS via malicious p2p message↗2025-01-30

▶

GHSA

Go Ethereum vulnerable to DoS via malicious p2p message↗2025-01-30

▶

CVEList

go-ethereum has a DoS via malicious p2p message↗2025-01-30

▶