GHSA-m6gx-rhvj-fh52
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m6gx-rhvj-fh52
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-m6gx-rhvj-fh52/GHSA-m6gx-rhvj-fh52.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m6gx-rhvj-fh52
- Aliases
- Published
- 2021-06-29T21:13:54Z
- Modified
- 2024-08-21T14:57:07.113899Z
- Summary
- Denial of service in go-ethereum due to CVE-2020-28362
- Details
-
Impact
Versions of Geth built with Go
<1.15.5or<1.14.12are most likely affected by a critical DoS-related security vulnerability. The golang team has registered the underlying flaw as ‘CVE-2020-28362’.We recommend all users to rebuild (ideally
v1.9.24) with Go1.15.5or1.14.12, to avoid node crashes. Alternatively, if you are running binaries distributed via one of our official channels, we’re going to releasev1.9.24ourselves built with Go1.15.5.Patches
This is not an issue in go-ethereum, rebuilding an older version with Go
1.15.5or1.14.12will suffice to address the vulnerability.Workarounds
Rebuilding with Go
1.15.5or1.14.12will suffice to address the vulnerability.References
- https://blog.ethereum.org/2020/11/12/gethsecurityrelease/
- https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM
For more information
If you have any questions or comments about this advisory: * Open an issue in go-ethereum * Email us at security@ethereum.org
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2021-05-21T21:49:12Z" }- References
Affected packages
Go / github.com/ethereum/go-ethereum
Package
- Name
- github.com/ethereum/go-ethereum
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/ethereum/go-ethereum