Go Ethereum
Monthly
Go Ethereum (Geth) versions prior to 1.16.9 contain a cryptographic implementation flaw in ECIES that allows remote attackers to extract portions of the p2p node key without authentication. This exposure could compromise the confidentiality of node communications and potentially enable impersonation or network-level attacks against affected Ethereum nodes. Administrators should upgrade to version 1.16.9 or later and rotate their node keys by deleting the nodekey file.
Geth versions prior to 1.16.9 can be remotely crashed by sending a specially crafted message over the network, allowing unauthenticated attackers to cause denial of service against Ethereum nodes. This vulnerability in Go Ethereum's message handling requires no user interaction and affects the availability of affected nodes. Patched versions 1.16.9 and 1.17.0 are available to remediate this issue.
Go Ethereum versions up to 1.17.0 is affected by allocation of resources without limits or throttling (CVSS 7.5).
Go Ethereum (geth) nodes can be remotely crashed through maliciously crafted network messages, causing denial of service to affected network participants. An unauthenticated attacker on the network can exploit this vulnerability without user interaction to force vulnerable nodes offline. A patch is available in version 1.16.8 and later.
Go Ethereum nodes can be remotely crashed by unauthenticated attackers sending specially crafted network messages, resulting in denial of service. This network-based attack requires no user interaction and affects Golang and Go Ethereum implementations prior to version 1.16.8. A patch is available to remediate this high-severity vulnerability.
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Go Ethereum is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Go Ethereum is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.
go-ethereum is the official Go implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Go Ethereum (Geth) versions prior to 1.16.9 contain a cryptographic implementation flaw in ECIES that allows remote attackers to extract portions of the p2p node key without authentication. This exposure could compromise the confidentiality of node communications and potentially enable impersonation or network-level attacks against affected Ethereum nodes. Administrators should upgrade to version 1.16.9 or later and rotate their node keys by deleting the nodekey file.
Geth versions prior to 1.16.9 can be remotely crashed by sending a specially crafted message over the network, allowing unauthenticated attackers to cause denial of service against Ethereum nodes. This vulnerability in Go Ethereum's message handling requires no user interaction and affects the availability of affected nodes. Patched versions 1.16.9 and 1.17.0 are available to remediate this issue.
Go Ethereum versions up to 1.17.0 is affected by allocation of resources without limits or throttling (CVSS 7.5).
Go Ethereum (geth) nodes can be remotely crashed through maliciously crafted network messages, causing denial of service to affected network participants. An unauthenticated attacker on the network can exploit this vulnerability without user interaction to force vulnerable nodes offline. A patch is available in version 1.16.8 and later.
Go Ethereum nodes can be remotely crashed by unauthenticated attackers sending specially crafted network messages, resulting in denial of service. This network-based attack requires no user interaction and affects Golang and Go Ethereum implementations prior to version 1.16.8. A patch is available to remediate this high-severity vulnerability.
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Go Ethereum is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Go Ethereum is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.
go-ethereum is the official Go implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.