GHSA-4XC9-8HMQ-J652

Vulnerability from github – Published: 2024-05-06 14:20 – Updated: 2024-08-16 18:15
Summary
go-ethereum vulnerable to DoS via malicious p2p message
Details

Impact

A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node.

In order to carry out the attack, the attacker establishes a peer connection to the victim and sends a malicious GetBlockHeadersRequest message with a count of 0 over the ETH protocol.

In descendants := chain.GetHeadersFrom(num+count-1, count-1), the value count-1 is passed as the count parameter of GetHeadersFrom(number, count uint64). Because count is an unsigned 64-bit integer, subtracting 1 from 0 wraps around, so UINT64_MAX (2^64-1) is passed as count. A count of 0 is trivially within maxHeadersServe, so that limit does not constrain the request, and the attacker can ask for every header from the latest block back to the genesis block; serving that range is what exhausts the victim's memory.
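To make the wrap concrete, the following Go model reproduces the arithmetic described above. It is example code added for this page, not geth's handler or the patch from the pull request below: toyChain, getBlockHeadersRequest, serveHeadersVulnerable and serveHeadersHardened are simplified stand-ins, and the maxHeadersServe value of 1024 is an assumption. The unpatched path applies the cap to count and then computes count-1, so a zero count slips past the cap and wraps; the hardened path rejects a zero count before any subtraction and checks that num+count-1 cannot overflow.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// maxHeadersServe stands in for the per-request cap the ETH handler is meant
// to enforce. 1024 is an assumption for this example.
const maxHeadersServe = 1024

// getBlockHeadersRequest is a simplified stand-in for the wire message:
// origin is the starting block number, count the number of headers wanted.
type getBlockHeadersRequest struct {
	origin uint64
	count  uint64
}

// header is a toy header; the real one is a full RLP-encoded block header,
// which is why serving a whole chain of them costs so much memory.
type header struct{ number uint64 }

// toyChain models the canonical chain by its height only (constructed data).
type toyChain struct{ head uint64 }

// getHeadersFrom models chain.GetHeadersFrom(number, count): walk backwards
// from `number` and return up to `count` headers, stopping at genesis.
func (c toyChain) getHeadersFrom(number, count uint64) []header {
	if number > c.head {
		return nil
	}
	// The chain itself bounds the result: at most number+1 headers exist
	// between `number` and genesis, so a wrapped count still means "all of them".
	if count > number+1 {
		count = number + 1
	}
	hs := make([]header, 0, count)
	for i := uint64(0); i < count; i++ {
		hs = append(hs, header{number: number - i})
	}
	return hs
}

// serveHeadersVulnerable mirrors the unpatched lookup from the advisory:
//   descendants := chain.GetHeadersFrom(num+count-1, count-1)
// The cap is applied to count, which leaves 0 untouched; count-1 then wraps
// to math.MaxUint64 and num+count-1 becomes num-1.
func serveHeadersVulnerable(c toyChain, req getBlockHeadersRequest) []header {
	num, count := req.origin, req.count
	if count > maxHeadersServe {
		count = maxHeadersServe
	}
	return c.getHeadersFrom(num+count-1, count-1)
}

// serveHeadersHardened rejects the degenerate request before subtracting and
// proves num+count-1 cannot wrap. This models the kind of check such a fix
// needs; it is not a copy of the upstream patch.
func serveHeadersHardened(c toyChain, req getBlockHeadersRequest) ([]header, error) {
	num, count := req.origin, req.count
	if count == 0 {
		return nil, errors.New("rejecting GetBlockHeaders request with zero count")
	}
	if count > maxHeadersServe {
		count = maxHeadersServe
	}
	// count >= 1 here, so count-1 cannot underflow; num+(count-1) overflows
	// exactly when num exceeds MaxUint64-(count-1).
	if num > math.MaxUint64-(count-1) {
		return nil, errors.New("rejecting GetBlockHeaders request: origin+count overflows")
	}
	return c.getHeadersFrom(num+count-1, count-1), nil
}

func main() {
	chain := toyChain{head: 200_000} // constructed chain height
	evil := getBlockHeadersRequest{origin: chain.head, count: 0}
	fmt.Printf("unpatched: zero-count request served %d headers (cap is %d)\n",
		len(serveHeadersVulnerable(chain, evil)), maxHeadersServe)
	if _, err := serveHeadersHardened(chain, evil); err != nil {
		fmt.Println("hardened:", err)
	}
}
```

Run it with `go run .`: the unpatched path answers the zero-count request with every header from the head back to genesis, while the hardened path rejects it. A benign request with a count above the cap is still truncated to maxHeadersServe by both paths, so the fix does not change legitimate behaviour.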

Patches

The fix has been included in geth version 1.13.15 and onwards.

The vulnerability was patched in: https://github.com/ethereum/go-ethereum/pull/29534

Workarounds

No workarounds have been made public.

References

No further information has been released at this time.

Credit

This issue was disclosed responsibly by DongHan Kim via the Ethereum bug bounty program. Thank you for your cooperation.


{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/ethereum/go-ethereum"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.13.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-32972"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-06T14:20:40Z",
    "nvd_published_at": "2024-05-06T15:15:23Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node.\n\nIn order to carry out the attack, the attacker establishes a peer connections to the victim, and sends a malicious `GetBlockHeadersRequest` message with a `count` of  `0`, using the `ETH` protocol. \n\nIn `descendants := chain.GetHeadersFrom(num+count-1, count-1)`, the value of `count-1` is passed to the function `GetHeadersFrom(number, count uint64)` as parameter `count`. Due to integer overflow, `UINT64_MAX` value is then passed as the `count` argument to function `GetHeadersFrom(number, count uint64)`. This allows an attacker to bypass `maxHeadersServe` and request all headers from the latest block back to the genesis block. \n\n### Patches\n\nThe fix has been included in geth version `1.13.15` and onwards. \n\nThe vulnerability was patched in: https://github.com/ethereum/go-ethereum/pull/29534\n\n### Workarounds\n\nNo workarounds have been made public. \n\n### References\n\nNo more information is released at this time.\n\n### Credit\n\nThis issue was disclosed responsibly by DongHan Kim via the Ethereum bug bounty program. Thank you for your cooperation. ",
  "id": "GHSA-4xc9-8hmq-j652",
  "modified": "2024-08-16T18:15:47Z",
  "published": "2024-05-06T14:20:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32972"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-4xc9-8hmq-j652"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ethereum/go-ethereum"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "go-ethereum vulnerable to DoS via malicious p2p message"
}