GHSA-m6gx-rhvj-fh52: Denial of service in go-ethereum due to CVE-2020-28362

June 29, 2021 (updated January 30, 2025)

Versions of Geth built with Go <1.15.5 or <1.14.12 are most likely affected by a critical DoS-related security vulnerability. The golang team has registered the underlying flaw as ‘CVE-2020-28362’.

We recommend all users to rebuild (ideally v1.9.24) with Go 1.15.5 or 1.14.12, to avoid node crashes. Alternatively, if you are running binaries distributed via one of our official channels, we’re going to release v1.9.24 ourselves built with Go 1.15.5.

References

github.com/advisories/GHSA-m6gx-rhvj-fh52
github.com/ethereum/go-ethereum
github.com/ethereum/go-ethereum/security/advisories/GHSA-m6gx-rhvj-fh52

Detect and mitigate GHSA-m6gx-rhvj-fh52 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →