interesting
/
go-ethereum
mirror of https://github.com/ethereum/go-ethereum.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

docs: vulnerability disclosure (#23955)

This commit is contained in:
Martin Holst Swende 2021-11-23 09:41:04 +01:00 committed by GitHub
parent ef878bbb42
commit d62c773e3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/_vulnerabilities/vulnerabilities.json
View File

@ -134,13 +134,14 @@
"check": "(Geth\\/v1\\.10\\.(0|1|2|3|4|5|6|7)-.*)$"
},
{
"name": "DoS via maliciously crafted p2p message",
"name": "DoS via malicious `snap/1` request ",
"uid": "GETH-2021-03",
"summary": "A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer.",
"description": "A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer.\nFurther details will be released at a later point in time, in accordance with our official disclosure policy.",
"summary": "A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer, via the snap/1 protocol. The crash can be triggered by sending a malicious snap/1 GetTrieNodes package.",
"description": "The `snap/1` protocol handler contains two vulnerabilities related to the `GetTrieNodes` packet, which can be exploited to crash the node. Full details are available at the Github security [advisory](https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v)",
"links": [
"https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v",
"https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities"
"https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities",
"https://github.com/ethereum/go-ethereum/pull/23657"
],
"introduced": "v1.10.0",
"fixed": "v1.10.9",

6
docs/_vulnerabilities/vulnerabilities.json.minisig
View File

@ -1,4 +1,4 @@
untrusted comment: signature from minisign secret key
RWQk7Lo5TQgd+8l5duLP0gUKWHwGDmqe1FDRgmbZ0OE0D4dnw8W2MJhhq6ckZKhGnD7zW1Htw63mbnHuy7TDo0Oz99qwFfzv1w8=
trusted comment: timestamp:1635075909 file:vulnerabilities.json
827bn9OQI+f9gdKa1JSPYmnCpDGSKEWI2C9Ywz7Mlnvzi6Z9Ec+h+R5t/v9x7CLwXK8l5TMXgm6sv5JBduv8Dw==
RWQk7Lo5TQgd++1KS2a5zDfzIShMgTJkiv++9SEPG1JSAvSkq3MbNuYg/Rg0sAiRdfh7V4oBfKBL8sxlwoAq2MpKE19ezsluIwM=
trusted comment: timestamp:1637656079 file:vulnerabilities.json
Wazb+Xg21XNnbbx10OF0fDtlI27VhgJ5GfjmywnD3s3uJHFCC3CSRF14m75nSBelmvw4tHNZk1Apf3vBNvw0AQ==