Skip to main content

Go Ethereum

23 CVEs product

Monthly

CVE-2026-26315 Go HIGH PATCH This Week

Go Ethereum (Geth) versions prior to 1.16.9 contain a cryptographic implementation flaw in ECIES that allows remote attackers to extract portions of the p2p node key without authentication. This exposure could compromise the confidentiality of node communications and potentially enable impersonation or network-level attacks against affected Ethereum nodes. Administrators should upgrade to version 1.16.9 or later and rotate their node keys by deleting the nodekey file.

Golang Go Ethereum Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-26314 Go HIGH PATCH This Week

Geth versions prior to 1.16.9 can be remotely crashed by sending a specially crafted message over the network, allowing unauthenticated attackers to cause denial of service against Ethereum nodes. This vulnerability in Go Ethereum's message handling requires no user interaction and affects the availability of affected nodes. Patched versions 1.16.9 and 1.17.0 are available to remediate this issue.

Golang Denial Of Service Go Ethereum Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26313 Go HIGH PATCH This Week

Go Ethereum versions up to 1.17.0 is affected by allocation of resources without limits or throttling (CVSS 7.5).

Golang Go Ethereum Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22868 Go HIGH PATCH This Week

Go Ethereum (geth) nodes can be remotely crashed through maliciously crafted network messages, causing denial of service to affected network participants. An unauthenticated attacker on the network can exploit this vulnerability without user interaction to force vulnerable nodes offline. A patch is available in version 1.16.8 and later.

Golang Denial Of Service Go Ethereum Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22862 Go HIGH PATCH This Week

Go Ethereum nodes can be remotely crashed by unauthenticated attackers sending specially crafted network messages, resulting in denial of service. This network-based attack requires no user interaction and affects Golang and Go Ethereum implementations prior to version 1.16.8. A patch is available to remediate this high-severity vulnerability.

Golang Denial Of Service Go Ethereum Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-42319 Go HIGH POC This Week

Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Go Ethereum
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-40591 Go HIGH PATCH This Week

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-37450 Go MEDIUM POC This Month

Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Go Ethereum
NVD GitHub
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-29177 Go MEDIUM PATCH This Month

Go Ethereum is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2022-23328 Go HIGH POC This Week

A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Go Ethereum
NVD VulDB
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-23327 Go HIGH POC This Week

A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Go Ethereum
NVD VulDB
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-43668 Go MEDIUM This Month

Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-41173 Go MEDIUM PATCH This Month

Go Ethereum is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.1
5.7
EPSS
1.2%
CVE-2021-39137 Go HIGH PATCH This Week

go-ethereum is the official Go implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Canonical Information Disclosure Go Ethereum
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-26265 Go MEDIUM PATCH This Month

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Canonical Go Ethereum
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-26264 Go MEDIUM PATCH This Month

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-26242 Go HIGH PATCH This Week

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-26241 Go HIGH PATCH This Week

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Canonical Go Ethereum
NVD GitHub
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-26240 Go HIGH PATCH This Week

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go Ethereum
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2018-20421 HIGH POC This Week

Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-19184 Go HIGH POC PATCH This Week

cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-16733 Go HIGH PATCH This Week

In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Ethereum
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-12018 Go HIGH POC PATCH This Week

The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.0
7.5
EPSS
4.3%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Go Ethereum (Geth) versions prior to 1.16.9 contain a cryptographic implementation flaw in ECIES that allows remote attackers to extract portions of the p2p node key without authentication. This exposure could compromise the confidentiality of node communications and potentially enable impersonation or network-level attacks against affected Ethereum nodes. Administrators should upgrade to version 1.16.9 or later and rotate their node keys by deleting the nodekey file.

Golang Go Ethereum Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Geth versions prior to 1.16.9 can be remotely crashed by sending a specially crafted message over the network, allowing unauthenticated attackers to cause denial of service against Ethereum nodes. This vulnerability in Go Ethereum's message handling requires no user interaction and affects the availability of affected nodes. Patched versions 1.16.9 and 1.17.0 are available to remediate this issue.

Golang Denial Of Service Go Ethereum +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Go Ethereum versions up to 1.17.0 is affected by allocation of resources without limits or throttling (CVSS 7.5).

Golang Go Ethereum Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Go Ethereum (geth) nodes can be remotely crashed through maliciously crafted network messages, causing denial of service to affected network participants. An unauthenticated attacker on the network can exploit this vulnerability without user interaction to force vulnerable nodes offline. A patch is available in version 1.16.8 and later.

Golang Denial Of Service Go Ethereum +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Go Ethereum nodes can be remotely crashed by unauthenticated attackers sending specially crafted network messages, resulting in denial of service. This network-based attack requires no user interaction and affects Golang and Go Ethereum implementations prior to version 1.16.8. A patch is available to remediate this high-severity vulnerability.

Golang Denial Of Service Go Ethereum +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Go Ethereum
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Ethereum
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Go Ethereum
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Go Ethereum is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Go Ethereum
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Go Ethereum
NVD VulDB
EPSS 2% CVSS 7.5
HIGH POC This Week

A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Go Ethereum
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Go Ethereum
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

Go Ethereum is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Go Ethereum
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

go-ethereum is the official Go implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Canonical Information Disclosure Go Ethereum
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Canonical Go Ethereum
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Go Ethereum
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Ethereum
NVD GitHub
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Canonical Go Ethereum
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go Ethereum
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Go Ethereum
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Go Ethereum
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Ethereum
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Go Ethereum
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy