| |
Vulnerability CVE-2022-29177
Published: 2022-05-20
Description: |
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack. |
Type:
CWE-400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
References: |
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5
https://github.com/ethereum/go-ethereum/pull/24507
|
|
|
Copyright 2024, cxsecurity.com
|
|
|