Skip to main content

Go Ethereum CVE-2022-29177

MEDIUM
Uncontrolled Resource Consumption (CWE-400)
2022-05-20 security-advisories@github.com
5.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 20, 2022 - 17:15 nvd
MEDIUM 5.9

DescriptionNVD

Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (INFO) makes the node not vulnerable to this attack.

AnalysisAI

Go Ethereum is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (INFO) makes the node not vulnerable to this attack. Affected products include: Ethereum Go Ethereum. Version information: version 1.10.17.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

CVE-2022-23328 HIGH POC
7.5 Mar 04

A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas pri

CVE-2022-23327 HIGH POC
7.5 Mar 04

A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a

CVE-2023-42319 HIGH POC
7.5 Oct 18

Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of servi

CVE-2018-20421 HIGH POC
7.5 Dec 24

Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length

CVE-2018-19184 HIGH POC
7.5 Nov 12

cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted byte

CVE-2018-12018 HIGH POC
7.5 Jul 05

The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an

CVE-2022-37450 MEDIUM POC
5.9 Aug 05

Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and

CVE-2026-26314 HIGH
7.5 Feb 19

Geth versions prior to 1.16.9 can be remotely crashed by sending a specially crafted message over the network, allowing

CVE-2026-22868 HIGH
7.5 Jan 13

Go Ethereum (geth) nodes can be remotely crashed through maliciously crafted network messages, causing denial of service

CVE-2026-22862 HIGH
7.5 Jan 13

Go Ethereum nodes can be remotely crashed by unauthenticated attackers sending specially crafted network messages, resul

CVE-2026-26313 HIGH
7.5 Feb 19

Go Ethereum versions up to 1.17.0 is affected by allocation of resources without limits or throttling (CVSS 7.5).

CVE-2026-26315 HIGH
7.5 Feb 19

Go Ethereum (Geth) versions prior to 1.16.9 contain a cryptographic implementation flaw in ECIES that allows remote atta

Share

CVE-2022-29177 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy