CVE-2023-40591

Uncontrolled Resource Consumption in go/github.com/ethereum/go-ethereum

Identifiers

CVE-2023-40591, GHSA-ppjg-v974-84cm

Package Slug

go/github.com/ethereum/go-ethereum

Vulnerability

Uncontrolled Resource Consumption

Description

go-ethereum (geth) is a Go execution layer implementation of the Ethereum protocol. A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version 1.12.1-stable, i.e., 1.12.2-unstable and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected Versions

All versions starting from 1.10.0 before 1.12.1

Solution

Upgrade to version 1.12.1 or above.

Last Modified

2023-09-07
