Vulnerabilities > CVE-2023-40591 - Unspecified vulnerability in Ethereum GO Ethereum

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

ethereum

NVD

Published: 2023-09-06

Updated: 2024-11-21

Summary

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e, `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Ethereum Ethereum GO Ethereum 1.10.0 Ethereum GO Ethereum 1.10.1 Ethereum GO Ethereum 1.10.2 Ethereum GO Ethereum 1.10.3 Ethereum GO Ethereum 1.10.4 Ethereum GO Ethereum 1.10.5 Ethereum GO Ethereum 1.10.6 Ethereum GO Ethereum 1.10.7 Ethereum GO Ethereum 1.10.8 Ethereum GO Ethereum 1.10.9 Ethereum GO Ethereum 1.10.10 Ethereum GO Ethereum 1.10.11 Ethereum GO Ethereum 1.10.12 Ethereum GO Ethereum 1.10.13 Ethereum GO Ethereum 1.10.14 Ethereum GO Ethereum 1.10.15 Ethereum GO Ethereum 1.10.16 Ethereum GO Ethereum 1.10.17 Ethereum GO Ethereum 1.10.18 Ethereum GO Ethereum 1.10.19 Ethereum GO Ethereum 1.10.20 Ethereum GO Ethereum 1.10.21 Ethereum GO Ethereum 1.10.22 Ethereum GO Ethereum 1.10.23 Ethereum GO Ethereum 1.10.24 Ethereum GO Ethereum 1.10.25 Ethereum GO Ethereum 1.10.26 Ethereum GO Ethereum 1.11.0 Ethereum GO Ethereum 1.11.1 Ethereum GO Ethereum 1.11.2 Ethereum GO Ethereum 1.11.3 Ethereum GO Ethereum 1.11.4 Ethereum GO Ethereum 1.11.5 Ethereum GO Ethereum 1.11.6 Ethereum GO Ethereum 1.12.0	35

Summary

Vulnerable Configurations

References