From 61932e47106168a4eeb93ee68211752a25e031c5 Mon Sep 17 00:00:00 2001
From: Martin HS <martin@swende.se>
Date: Tue, 28 May 2024 14:16:45 +0200
Subject: [PATCH] cmd/geth: update testdata (vulncheck) (#29714)

---
 cmd/geth/testdata/vcheck/vulnerabilities.json | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/cmd/geth/testdata/vcheck/vulnerabilities.json b/cmd/geth/testdata/vcheck/vulnerabilities.json
index bee0e66dd8..31a34de6be 100644
--- a/cmd/geth/testdata/vcheck/vulnerabilities.json
+++ b/cmd/geth/testdata/vcheck/vulnerabilities.json
@@ -166,5 +166,37 @@
     "severity": "Low",
     "CVE": "CVE-2022-29177",
     "check": "(Geth\\/v1\\.10\\.(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)-.*)$"
+  },
+  {
+    "name": "DoS via malicious p2p message",
+    "uid": "GETH-2023-01",
+    "summary": "A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node.",
+    "description": "The p2p handler spawned a new goroutine to respond to ping requests. By flooding a node with ping requests, an unbounded number of goroutines can be created, leading to resource exhaustion and potentially crash due to OOM.",
+    "links": [
+      "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm",
+      "https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities"
+    ],
+    "introduced": "v1.10.0",
+    "fixed": "v1.12.1",
+    "published": "2023-09-06",
+    "severity": "High",
+    "CVE": "CVE-2023-40591",
+    "check": "(Geth\\/v1\\.(10|11)\\..*)|(Geth\\/v1\\.12\\.0-.*)$"
+  },
+  {
+    "name": "DoS via malicious p2p message",
+    "uid": "GETH-2024-01",
+    "summary": "A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node.",
+    "description": "A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. Full details will be available at the Github security [advisory](https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652)",
+    "links": [
+      "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652",
+      "https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities"
+    ],
+    "introduced": "v1.10.0",
+    "fixed": "v1.13.15",
+    "published": "2024-05-06",
+    "severity": "High",
+    "CVE": "CVE-2024-32972",
+    "check": "(Geth\\/v1\\.(10|11|12)\\..*)|(Geth\\/v1\\.13\\.\\d-.*)|(Geth\\/v1\\.13\\.1(0|1|2|3|4)-.*)$"
   }
 ]