CVE-2023-40591

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e, `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*

History

12 Sep 2023, 15:24

Type Values Removed Values Added
References (MISC) https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1 - (MISC) https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1 - Release Notes
References (MISC) https://geth.ethereum.org/docs/developers/geth-developer/disclosures - (MISC) https://geth.ethereum.org/docs/developers/geth-developer/disclosures - Product
References (MISC) https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm - (MISC) https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*
First Time Ethereum
Ethereum go Ethereum

06 Sep 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-06 19:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-40591

Mitre link : CVE-2023-40591

CVE.ORG link : CVE-2023-40591


JSON object : View

Products Affected

ethereum

  • go_ethereum
CWE
CWE-400

Uncontrolled Resource Consumption