docs: update vulns (#29715)

Martin HS 2024-05-06 15:25:16 +02:00 committed by GitHub
parent 22a057cf65
commit 8ea614e2b8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 21 additions and 5 deletions


@ -171,7 +171,7 @@
"name": "DoS via malicious p2p message",
"uid": "GETH-2023-01",
"summary": "A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node.",
"description": "A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. Full details will be available at the Github security [advisory](https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm)",
"description": "The p2p handler spawned a new goroutine to respond to ping requests. By flooding a node with ping requests, an unbounded number of goroutines can be created, leading to resource exhaustion and potentially crash due to OOM.",
"links": [
"https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm",
"https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities"
@ -182,5 +182,21 @@
"severity": "High",
"CVE": "CVE-2023-40591",
"check": "(Geth\\/v1\\.(10|11)\\..*)|(Geth\\/v1\\.12\\.0-.*)$"
},
{
"name": "DoS via malicious p2p message",
"uid": "GETH-2024-01",
"summary": "A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node.",
"description": "A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. Full details will be available at the Github security [advisory](https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652)",
"links": [
"https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652",
"https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities"
],
"introduced": "v1.10.0",
"fixed": "v1.13.15",
"published": "2024-05-06",
"severity": "High",
"CVE": "CVE-2024-32972",
"check": "(Geth\\/v1\\.(10|11|12)\\..*)|(Geth\\/v1\\.13\\.\\d-.*)|(Geth\\/v1\\.13\\.1(0|1|2|3|4)-.*)$"
}
]
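Review bot: The `check` pattern added for GETH-2024-01 is effectively unanchored. Its trailing `$` binds only to the last alternative, and since every alternative ends in `.*` it constrains nothing; there is also no `^`. Grouping the alternation makes the intent explicit, for example `"check": "^Geth\\/v1\\.((10|11|12)\\..*|13\\.(\\d|1[0-4])-.*)$"`, assuming the consumer matches against the full client version string (not visible on this page, so confirm before adding `^`). The two 1.13 branches also require a `-` directly after the patch number, so a version string without a suffix would not be flagged, which is a false negative in a vulnerability check. It would help to exercise the pattern against sample strings on both sides of the `fixed` boundary (1.13.14 and 1.13.15). The context line for GETH-2023-01 has the same dangling `$`.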


@ -1,4 +1,4 @@
untrusted comment: signature from minisign secret key
RWQk7Lo5TQgd+yNUDg5S/P8bgddJ1c/pzV2keGeTxMlRTXxQjn5H66khm06OrodLkmNm9jgLYiJ5GRt+C1CmwHty8U/xI+6WhwY=
trusted comment: timestamp:1693984324 file:vulnerabilities.json
cfrt9ByMEn+s2BcMmtsS5AUNlTkhhU0rI0t5ggBPW8oT0tlkXYbsBrdlBvlPyOH3NJQNlbEYRb5Dq1XrQnd0BA==
RWQk7Lo5TQgd+2rE1+5e1Lktjuuw3NXwQ1jw226A6kfhejGhuvWcJATzq4culuqNUsU0PiksZtqUETBDKUCtqURZEfg1eKi+wwE=
trusted comment: timestamp:1715001455 file:vulnerabilities.json
/C3EUxt4xNPK/F2jZnNWOx+8iPJMySm9VNIn6lHsRqUCUeEO+iOrbKMghnmR08j4oppFfutOjyOWN3dTsRQ/Bg==