Vulnerability CVE-2022-29177


Published: 2022-05-20

Description:
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack.

Type:

CWE-400

(Uncontrolled Resource Consumption ('Resource Exhaustion'))

 References:
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5
https://github.com/ethereum/go-ethereum/pull/24507

Copyright 2022, cxsecurity.com

 

Back to Top