Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.
References
Link | Resource |
---|---|
https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738 | Patch Third Party Advisory |
https://github.com/ethereum/go-ethereum/pull/23801 | Patch Third Party Advisory |
https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9 | Release Notes Third Party Advisory |
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v | Third Party Advisory |
Configurations
History
28 Oct 2021, 20:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/ethereum/go-ethereum/pull/23801 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9 - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v - Third Party Advisory | |
References | (MISC) https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738 - Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.7 |
CWE | NVD-CWE-noinfo |
26 Oct 2021, 14:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-10-26 14:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-41173
Mitre link : CVE-2021-41173
CVE.ORG link : CVE-2021-41173
JSON object : View
Products Affected
ethereum
- go_ethereum
CWE