interesting
/
go-ethereum
mirror of https://github.com/ethereum/go-ethereum.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

vulnerabilites: updates (#21998)

This commit is contained in:
Martin Holst Swende 2020-12-11 09:16:35 +01:00 committed by GitHub
parent 509e1d7dc7
commit 8e38e4bd0b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
docs/_vulnerabilities/vulnerabilities.json
View File

@ -66,5 +66,36 @@
"severity": "Critical",
"CVE": "CVE-2020-26242",
"check": "Geth\\/v1\\.9.(16|17).*$"
},
{
"name": "LES Server DoS via GetProofsV2",
"uid": "GETH-2020-05",
"summary": "A DoS vulnerability can make a LES server crash.",
"description": "A DoS vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client.\n\nThe vulnerability was patched in #21896.\n\nThis vulnerability only concern users explicitly running geth as a light server",
"links": [
"https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q",
"https://github.com/ethereum/go-ethereum/pull/21896"
],
"introduced": "v1.8.0",
"fixed": "v1.9.25",
"published": "2020-12-10",
"severity": "Medium",
"CVE": "CVE-2020-26264",
"check": "(Geth\\/v1\\.8\\.*)|(Geth\\/v1\\.9\\.\\d-.*)|(Geth\\/v1\\.9\\.1\\d-.*)|(Geth\\/v1\\.9\\.(20|21|22|23|24)-.*)$"
},
{
"name": "Consensus flaw during block processing",
"uid": "GETH-2020-06",
"summary": "A consensus-vulnerability in Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain.",
"description": "Full details to be released at a later date.",
"links": [
"https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4"
],
"introduced": "v1.9.4",
"fixed": "v1.9.20",
"published": "2020-12-10",
"severity": "High",
"CVE": "CVE-2020-26265",
"check": "(Geth\\/v1\\.9\\.(4|5|6|7|8|9)-.*)|(Geth\\/v1\\.9\\.1\\d-.*)$"
}
]

6
docs/_vulnerabilities/vulnerabilities.json.minisig
View File

@ -1,4 +1,4 @@
untrusted comment: signature from minisign secret key
RWQk7Lo5TQgd+2fCWW+1uE5hM7811xOurL4JXKJgO10k0IhPQjuJMEULaZlLnr+yPR9X+CKjz2X8DfwSXxHh0j09cT98NVcMvgk=
trusted comment: timestamp:1607093897 file:vulnerabilities.json
Za0+WCqDoGrvvJm8/cbVOm5cvVMuxDZakzPxSsaKaMrRQ41jmxL/Ja5G4lhgMSX9SUFCiG9cusGI2NMlu/vkDw==
RWQk7Lo5TQgd+zxfhTVu9RKveaSCRXSMeOq6nKsv/f1cJmHJEB75gOTTsh6P7SzKwwNCES4LgD9ozE4FEUBRUguSZP3ITc2rvAg=
trusted comment: timestamp:1607605939 file:vulnerabilities.json
lC8y+82roRxdNTsA3VZkG6vPxkpYq+yIiTXPdkigaDvZaT4Kro1FqfVGIZ60Uh/6MYz4pSgQYAmD6ujLOQjoAA==