GHSA-689v-6xwf-5jf3

Suggest an improvement
Source
https://github.com/advisories/GHSA-689v-6xwf-5jf3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-689v-6xwf-5jf3/GHSA-689v-6xwf-5jf3.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-689v-6xwf-5jf3
Aliases
Published
2026-02-18T22:34:49Z
Modified
2026-02-19T22:04:41.240505Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
Go Ethereum affected by DoS via malicious p2p message
Details

Impact

An attacker can cause high memory usage by sending a specially-crafted p2p message. More details to be released later.

Patches

The issue is resolved in the v1.17.0 release.

Credit

This issue was reported to the Ethereum Foundation Bug Bounty Program by @revofusion

Database specific 
{
    "nvd_published_at": "2026-02-19T21:18:31Z",
    "github_reviewed_at": "2026-02-18T22:34:49Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-770"
    ],
    "github_reviewed": true
}
References

Affected packages

Go / github.com/ethereum/go-ethereum

Package

Name
github.com/ethereum/go-ethereum
View open source insights on deps.dev
Purl
pkg:golang/github.com/ethereum/go-ethereum

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.17.0

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-689v-6xwf-5jf3/GHSA-689v-6xwf-5jf3.json"