Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25.
References
Link | Resource |
---|---|
https://github.com/ethereum/go-ethereum/pull/21896 | Patch Third Party Advisory |
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q | Third Party Advisory |
https://github.com/ethereum/go-ethereum/releases/tag/v1.9.25 | Third Party Advisory |
https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46 | Patch Third Party Advisory |
Configurations
Information
Published : 2020-12-11 09:15
Updated : 2020-12-14 10:06
NVD link : CVE-2020-26264
Mitre link : CVE-2020-26264
JSON object : View
CWE
CWE-400
Uncontrolled Resource Consumption
Products Affected
ethereum
- go_ethereum