mirror
/
go-ethereum
mirror of https://github.com/ethereum/go-ethereum
2
0
Fork 1
Code Issues Releases Wiki Activity

docs: update vulns (#29715)

Browse Source
pull/29785/head
Martin HS 9 months ago committed by GitHub
parent 22a057cf65
commit 8ea614e2b8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 21 additions and 5 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 20
      public/docs/vulnerabilities/vulnerabilities.json
  2. 6
      public/docs/vulnerabilities/vulnerabilities.json.minisig

20
public/docs/vulnerabilities/vulnerabilities.json
Unescape View File

@ -171,7 +171,7 @@
"name": "DoS via malicious p2p message",
"uid": "GETH-2023-01",
"summary": "A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node.",
"description": "A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. Full details will be available at the Github security [advisory](https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm)",
"description": "The p2p handler spawned a new goroutine to respond to ping requests. By flooding a node with ping requests, an unbounded number of goroutines can be created, leading to resource exhaustion and potentially crash due to OOM.",
"links": [
"https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm",
"https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities"
@ -180,7 +180,23 @@
"fixed": "v1.12.1",
"published": "2023-09-06",
"severity": "High",
"CVE": "CVE-2023-40591 ",
"CVE": "CVE-2023-40591",
"check": "(Geth\\/v1\\.(10|11)\\..*)|(Geth\\/v1\\.12\\.0-.*)$"
},
{
"name": "DoS via malicious p2p message",
"uid": "GETH-2024-01",
"summary": "A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node.",
"description": "A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. Full details will be available at the Github security [advisory](https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652)",
"links": [
"https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652",
"https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities"
],
"introduced": "v1.10.0",
"fixed": "v1.13.15",
"published": "2024-05-06",
"severity": "High",
"CVE": "CVE-2024-32972",
"check": "(Geth\\/v1\\.(10|11|12)\\..*)|(Geth\\/v1\\.13\\.\\d-.*)|(Geth\\/v1\\.13\\.1(0|1|2|3|4)-.*)$"
}
]

6
public/docs/vulnerabilities/vulnerabilities.json.minisig
Unescape View File

@ -1,4 +1,4 @@
untrusted comment: signature from minisign secret key
RWQk7Lo5TQgd+yNUDg5S/P8bgddJ1c/pzV2keGeTxMlRTXxQjn5H66khm06OrodLkmNm9jgLYiJ5GRt+C1CmwHty8U/xI+6WhwY=
trusted comment: timestamp:1693984324 file:vulnerabilities.json
cfrt9ByMEn+s2BcMmtsS5AUNlTkhhU0rI0t5ggBPW8oT0tlkXYbsBrdlBvlPyOH3NJQNlbEYRb5Dq1XrQnd0BA==
RWQk7Lo5TQgd+2rE1+5e1Lktjuuw3NXwQ1jw226A6kfhejGhuvWcJATzq4culuqNUsU0PiksZtqUETBDKUCtqURZEfg1eKi+wwE=
trusted comment: timestamp:1715001455 file:vulnerabilities.json
/C3EUxt4xNPK/F2jZnNWOx+8iPJMySm9VNIn6lHsRqUCUeEO+iOrbKMghnmR08j4oppFfutOjyOWN3dTsRQ/Bg==

Write Preview
Loading…
Cancel
Save