GHSA-m6gx-rhvj-fh52: Denial of service in go-ethereum due to CVE-2020-28362
Versions of Geth built with Go <1.15.5 or <1.14.12 are most likely affected by a critical DoS-related security vulnerability. The golang team has registered the underlying flaw as ‘CVE-2020-28362’.
We recommend all users to rebuild (ideally v1.9.24) with Go 1.15.5 or 1.14.12, to avoid node crashes. Alternatively, if you are running binaries distributed via one of our official channels, we’re going to release v1.9.24 ourselves built with Go 1.15.5.
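To check a build against the fixed releases above, the following is an added example, not code from go-ethereum or the Go project. The names builtWithAffectedGo and leadingInt are hypothetical, and treating release lines older than 1.14 as affected is an assumption, since the advisory only names the 1.14 and 1.15 fixes.

```go
package main

import (
	"fmt"
	"runtime"
	"strconv"
	"strings"
)

// leadingInt parses the leading decimal digits of s ("16beta1" -> 16).
func leadingInt(s string) (int, error) {
	end := 0
	for end < len(s) && s[end] >= '0' && s[end] <= '9' {
		end++
	}
	return strconv.Atoi(s[:end])
}

// builtWithAffectedGo reports whether a toolchain string such as "go1.15.4"
// predates the fixed releases named in the advisory (1.14.12 and 1.15.5).
// Assumption: release lines older than 1.14 are treated as affected.
func builtWithAffectedGo(v string) (bool, error) {
	parts := strings.SplitN(strings.TrimPrefix(v, "go"), ".", 3)
	if !strings.HasPrefix(v, "go") || len(parts) < 2 || parts[0] != "1" {
		return false, fmt.Errorf("unrecognised Go version %q", v)
	}
	minor, err := leadingInt(parts[1])
	patch := 0 // "go1.15" and pre-releases like "go1.15rc1" have no patch part
	if err == nil && len(parts) == 3 {
		patch, err = leadingInt(parts[2])
	}
	if err != nil {
		return false, fmt.Errorf("unrecognised Go version %q", v)
	}
	switch {
	case minor < 14:
		return true, nil
	case minor == 14:
		return patch < 12, nil
	case minor == 15:
		return patch < 5, nil
	}
	return false, nil
}

func main() {
	// runtime.Version() is the toolchain that built this very program.
	affected, err := builtWithAffectedGo(runtime.Version())
	fmt.Println(runtime.Version(), affected, err)
}
```

For an already built binary, `go version /path/to/geth` prints the toolchain string that can be passed to the function.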