docs: vulnerability disclosure (#23955)

pull/24006/head
Martin Holst Swende 3 years ago committed by GitHub
parent ef878bbb42
commit d62c773e3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 9
      docs/_vulnerabilities/vulnerabilities.json
  2. 6
      docs/_vulnerabilities/vulnerabilities.json.minisig

@ -134,13 +134,14 @@
"check": "(Geth\\/v1\\.10\\.(0|1|2|3|4|5|6|7)-.*)$"
},
{
"name": "DoS via maliciously crafted p2p message",
"name": "DoS via malicious `snap/1` request ",
"uid": "GETH-2021-03",
"summary": "A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer.",
"description": "A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer.\nFurther details will be released at a later point in time, in accordance with our official disclosure policy.",
"summary": "A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer, via the snap/1 protocol. The crash can be triggered by sending a malicious snap/1 GetTrieNodes package.",
"description": "The `snap/1` protocol handler contains two vulnerabilities related to the `GetTrieNodes` packet, which can be exploited to crash the node. Full details are available at the Github security [advisory](https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v)",
"links": [
"https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v",
"https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities"
"https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities",
"https://github.com/ethereum/go-ethereum/pull/23657"
],
"introduced": "v1.10.0",
"fixed": "v1.10.9",

@ -1,4 +1,4 @@
untrusted comment: signature from minisign secret key
RWQk7Lo5TQgd+8l5duLP0gUKWHwGDmqe1FDRgmbZ0OE0D4dnw8W2MJhhq6ckZKhGnD7zW1Htw63mbnHuy7TDo0Oz99qwFfzv1w8=
trusted comment: timestamp:1635075909 file:vulnerabilities.json
827bn9OQI+f9gdKa1JSPYmnCpDGSKEWI2C9Ywz7Mlnvzi6Z9Ec+h+R5t/v9x7CLwXK8l5TMXgm6sv5JBduv8Dw==
RWQk7Lo5TQgd++1KS2a5zDfzIShMgTJkiv++9SEPG1JSAvSkq3MbNuYg/Rg0sAiRdfh7V4oBfKBL8sxlwoAq2MpKE19ezsluIwM=
trusted comment: timestamp:1637656079 file:vulnerabilities.json
Wazb+Xg21XNnbbx10OF0fDtlI27VhgJ5GfjmywnD3s3uJHFCC3CSRF14m75nSBelmvw4tHNZk1Apf3vBNvw0AQ==

Loading…
Cancel
Save