5.7

CVE-2021-41173

DoS via maliciously crafted p2p message

Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.
Data provided by the National Vulnerability Database (NVD)
Ethereum: Go Ethereum, version < 1.10.9
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 1.2% | 0.642
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 3.5 | 6.8 | 2.9 | AV:N/AC:M/Au:S/C:N/I:N/A:P
security-advisories@github.com | 5.7 | 2.1 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738
Patch
Third Party Advisory
https://github.com/ethereum/go-ethereum/pull/23801
Patch
Third Party Advisory
https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9
Third Party Advisory
Release Notes
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v
Third Party Advisory