CVE-2020-26264: Uncontrolled Resource Consumption
(updated )
Go Ethereum, or Geth
, is the official Golang implementation of the Ethereum protocol. In Geth a denial-of-service vulnerability can make a LES
server crash via malicious GetProofsV2
request from a connected LES
client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit.
References
Detect and mitigate CVE-2020-26264 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →