Ethereum Go Ethereum 1.11.0

CPE Details

Ethereum Go Ethereum 1.11.0
ethereum
go_ethereum
1.11.0
2023-09-12
13h49 +00:00
2023-09-12
13h49 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ethereum:go_ethereum:1.11.0:*:*:*:*:*:*:*

Informations

Vendor

ethereum

Product

go_ethereum

Version

1.11.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-42319 2023-10-17 22h00 +00:00 Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic.
7.5
High
CVE-2023-40591 2023-09-06 18h07 +00:00 go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e, `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.
7.5
High