CVE-2023-40591: Uncontrolled Resource Consumption

September 6, 2023 (updated September 12, 2023)

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version 1.12.1-stable, i.e, 1.12.2-unstable and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

geth.ethereum.org/docs/developers/geth-developer/disclosures
github.com/ethereum/go-ethereum/releases/tag/v1.12.1
github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm
nvd.nist.gov/vuln/detail/CVE-2023-40591

Code Behaviors & Features

Detect and mitigate CVE-2023-40591 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →