GHSA-PPJG-V974-84CM

Vulnerability from github – Published: 2023-09-06 19:49 – Updated: 2023-11-08 17:39
Summary
Go-Ethereum vulnerable to denial of service via malicious p2p message
Details

Impact

A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node.

Details

The p2p handler spawned a new goroutine to respond to each ping request. By flooding a node with ping requests, an unbounded number of goroutines can be created, leading to resource exhaustion and potentially a crash due to running out of memory (OOM).
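
The goroutine-per-ping pattern described above, next to a bounded alternative, as an added example: this is not go-ethereum's code and not the change made in the fix PR. The names `stalledPeer`, `writePong` and `flood` are hypothetical, and the peer that never reads its pongs is constructed for the demonstration.

```go
package main

import (
	"fmt"
	"sync/atomic"
)

// stalledPeer (constructed) models a peer that stopped reading: writePong parks until release closes.
type stalledPeer struct {
	writers int64         // goroutines that have entered writePong
	entered chan struct{} // token sent by each goroutine once it is inside
	release chan struct{}
}

func (p *stalledPeer) writePong() {
	atomic.AddInt64(&p.writers, 1)
	p.entered <- struct{}{}
	<-p.release
}

// flood handles pings (>= 1) ping messages and returns how many goroutines are parked on the pong write.
func flood(pings int, bounded bool) int64 {
	p := &stalledPeer{entered: make(chan struct{}, 1), release: make(chan struct{})}
	defer close(p.release) // unblock the parked goroutines on return
	if !bounded {
		for i := 0; i < pings; i++ {
			go p.writePong() // advisory's pattern: new goroutine per ping
			<-p.entered      // wait until it is parked on the write
		}
		return atomic.LoadInt64(&p.writers)
	}
	owed := make(chan struct{}, 1) // one-slot "pong owed" flag
	defer close(owed)
	go func() { // the only goroutine that ever writes a pong
		for range owed {
			p.writePong()
		}
	}()
	for i := 0; i < pings; i++ {
		select {
		case owed <- struct{}{}:
		default: // a pong is already owed; coalesce the duplicate
		}
	}
	<-p.entered // the single responder is now parked
	return atomic.LoadInt64(&p.writers)
}

func main() { fmt.Println("per-ping:", flood(5000, false), "bounded:", flood(5000, true)) }
```

In the first mode the number of parked goroutines grows with the number of pings received; in the second it stays at one regardless of how many pings arrive.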

Patches

The fix is included in geth version 1.12.1-stable, i.e., 1.12.2-unstable and onwards.

Fixed by https://github.com/ethereum/go-ethereum/pull/27887

Workarounds

No known workarounds.

Credits

This bug was reported by Patrick McHardy via bounty@ethereum.org.

References


{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/ethereum/go-ethereum"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12.1-stable"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-40591"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-06T19:49:46Z",
    "nvd_published_at": "2023-09-06T19:15:44Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node.\n\n### Details\n\nThe p2p handler spawned a new goroutine to respond to `ping` requests. By flooding a node with ping requests, an unbounded number of goroutines can be created, leading to resource exhaustion and potentially crash due to OOM.\n\n### Patches\n\nThe fix is included in geth version `1.12.1-stable`, i.e, `1.12.2-unstable` and onwards. \n\nFixed by https://github.com/ethereum/go-ethereum/pull/27887\n\n### Workarounds\n\nNo known workarounds. \n\n### Credits\n\nThis bug was reported by Patrick McHardy and reported via [bounty@ethereum.org](mailto:bounty@ethereum.org). \n\n### References\n\n",
  "id": "GHSA-ppjg-v974-84cm",
  "modified": "2023-11-08T17:39:39Z",
  "published": "2023-09-06T19:49:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40591"
    },
    {
      "type": "WEB",
      "url": "https://geth.ethereum.org/docs/developers/geth-developer/disclosures"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ethereum/go-ethereum"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Go-Ethereum vulnerable to denial of service via malicious p2p message"
}

