cvebase.

github.com/ethereum/go-ethereum vulnerabilities

26 known vulnerabilities affecting github.com/ethereum/go-ethereum.

Total CVEs: 26
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: HIGH 13, MEDIUM 13

Vulnerabilities

Page 2 of 2
CVE-2018-16733 | P4 | HIGH | ≥ 0, < 1.8.14 | 2021-05-18
CVE-2018-16733 [HIGH] CWE-20: Go Ethereum Improper Input Validation
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.
### Specific Go Packages Affected
github.com/ethereum/go-ethereum/eth
ghsa, osv

CVE-2018-19184 | P4 | HIGH | ≥ 0, < 1.8.14 | 2021-06-29
CVE-2018-19184 [HIGH] CWE-476: Go Ethereum Denial of Service
`cmd/evm/runner.go` in Go Ethereum (aka geth) allows attackers to cause a denial of service (SEGV) via crafted bytecode.
### Specific Go Packages Affected
github.com/ethereum/go-ethereum/cmd/evm
ghsa, osv

CVE-2022-29177 | P4 | MEDIUM | ≥ 0, < 1.10.17 | 2022-05-24
CVE-2022-29177 [MEDIUM] CWE-400: DoS via malicious p2p message in Go Ethereum
### Impact
A vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node.
### Patches
The following PR addresses the problem: https://github.com/ethereum/go-ethereum/pull/24507
### Workarounds
Aside from applying the PR linked above, setting loglevel to default level (`INFO`)
ghsa, osv

CVE-2020-26265 | P4 | MEDIUM | ≥ 1.9.4, < 1.9.20 | 2021-06-29
CVE-2020-26265 [MEDIUM] CWE-682: Consensus flaw during block processing in github.com/ethereum/go-ethereum
### Impact
A consensus vulnerability in Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain.
### Description
A flaw was reported on 2020-08-11 by John Youngseok Yang (Software Platform Lab), where a particular sequence of transactions could cause a consensus failure.
- Tx
ghsa, osv

CVE-2021-41173 | P4 | MEDIUM | ≥ 0, < 1.10.9 | 2021-10-25
CVE-2021-41173 [MEDIUM] CWE-20: Geth Node Vulnerable to DoS via maliciously crafted p2p message
### Impact
A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer, via the `snap/1` protocol. The crash can be triggered by sending a malicious `snap/1` `GetTrieNodes` package.
### Details
On September 21, 2021, geth-team member Gary Rong (@rjl493456442) found a way to crash the snap request
ghsa, osv

CVE-2021-43668 | P4 | MEDIUM | ≥ 0, ≤ 1.10.9 | 2021-11-23
CVE-2021-43668 [MEDIUM] CWE-476: Denial of Service in Go-Ethereum
Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a series of messages and cannot be recovered. They crash with "runtime error: invalid memory address or nil pointer dereference" and raise a SEGV signal.
ghsa, osv