mirror
/
go-ethereum
mirror of https://github.com/ethereum/go-ethereum
2
0
Fork 1
Code Issues Releases Wiki Activity

docs: vulnerability disclosure (#23955)

Browse Source
pull/24006/head
Martin Holst Swende 3 years ago committed by GitHub
parent ef878bbb42
commit d62c773e3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 7 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 9
      docs/_vulnerabilities/vulnerabilities.json
  2. 6
      docs/_vulnerabilities/vulnerabilities.json.minisig

9
docs/_vulnerabilities/vulnerabilities.json
Unescape View File

@ -134,13 +134,14 @@
"check": "(Geth\\/v1\\.10\\.(0|1|2|3|4|5|6|7)-.*)$" "check": "(Geth\\/v1\\.10\\.(0|1|2|3|4|5|6|7)-.*)$"
}, },
{ {
"name": "DoS via maliciously crafted p2p message", "name": "DoS via malicious `snap/1` request ",
"uid": "GETH-2021-03", "uid": "GETH-2021-03",
"summary": "A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer.", "summary": "A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer, via the snap/1 protocol. The crash can be triggered by sending a malicious snap/1 GetTrieNodes package.",
"description": "A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer.\nFurther details will be released at a later point in time, in accordance with our official disclosure policy.", "description": "The `snap/1` protocol handler contains two vulnerabilities related to the `GetTrieNodes` packet, which can be exploited to crash the node. Full details are available at the Github security [advisory](https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v)",
"links": [ "links": [
"https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v", "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v",
"https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities" "https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities",
"https://github.com/ethereum/go-ethereum/pull/23657"
], ],
"introduced": "v1.10.0", "introduced": "v1.10.0",
"fixed": "v1.10.9", "fixed": "v1.10.9",

6
docs/_vulnerabilities/vulnerabilities.json.minisig
Unescape View File

@ -1,4 +1,4 @@
untrusted comment: signature from minisign secret key untrusted comment: signature from minisign secret key
RWQk7Lo5TQgd+8l5duLP0gUKWHwGDmqe1FDRgmbZ0OE0D4dnw8W2MJhhq6ckZKhGnD7zW1Htw63mbnHuy7TDo0Oz99qwFfzv1w8= RWQk7Lo5TQgd++1KS2a5zDfzIShMgTJkiv++9SEPG1JSAvSkq3MbNuYg/Rg0sAiRdfh7V4oBfKBL8sxlwoAq2MpKE19ezsluIwM=
trusted comment: timestamp:1635075909 file:vulnerabilities.json trusted comment: timestamp:1637656079 file:vulnerabilities.json
827bn9OQI+f9gdKa1JSPYmnCpDGSKEWI2C9Ywz7Mlnvzi6Z9Ec+h+R5t/v9x7CLwXK8l5TMXgm6sv5JBduv8Dw== Wazb+Xg21XNnbbx10OF0fDtlI27VhgJ5GfjmywnD3s3uJHFCC3CSRF14m75nSBelmvw4tHNZk1Apf3vBNvw0AQ==

Write Preview
Loading…
Cancel
Save