Ethereum Go Ethereum 1.10.3

CPE Details

Ethereum Go Ethereum 1.10.3
ethereum
go_ethereum
1.10.3
2021-09-09
10h36 +00:00
2021-09-09
10h36 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ethereum:go_ethereum:1.10.3:*:*:*:*:*:*:*

Informations

Vendor

ethereum

Product

go_ethereum

Version

1.10.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-42319 2023-10-17 22h00 +00:00 Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic.
7.5
High
CVE-2023-40591 2023-09-06 18h07 +00:00 go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e, `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.
7.5
High
CVE-2022-37450 2022-08-05 18h30 +00:00 Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022.
5.9
Medium
CVE-2022-29177 2022-05-20 14h20 +00:00 Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack.
5.9
Medium
CVE-2022-23327 2022-03-04 10h24 +00:00 A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service (DoS).
7.5
High
CVE-2021-41173 2021-10-26 12h05 +00:00 Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.
5.7
Medium
CVE-2021-39137 2021-08-24 14h05 +00:00 go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available.
7.5
High