GHSA-ppjg-v974-84cm

GitHub Security Advisory

Go-Ethereum vulnerable to denial of service via malicious p2p message

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

### Impact

A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node.

### Details

The p2p handler spawned a new goroutine to respond to each `ping` request. By flooding a node with ping requests, an attacker can cause an unbounded number of goroutines to be created, leading to resource exhaustion and potentially a crash due to OOM.
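The pattern described above, modelled as an added example (not go-ethereum's code and not the patch from the pull request): a goroutine per ping beside a single responder fed through a one-slot channel. `floodPeak`, `pingRecv`, `stall` and the choice to coalesce pings that arrive while a pong is still pending are assumptions of this example.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

// floodPeak feeds n pings to a modelled peer whose pong writes stall until the
// flood ends and returns the peak count of goroutines alive to answer pings.
func floodPeak(n int, bounded bool) int64 {
	var live, peak int64
	var wg sync.WaitGroup
	stall := make(chan struct{})       // closed when the slow writer drains
	pingRecv := make(chan struct{}, 1) // one-slot hand-off to the responder
	writePong := func() { <-stall }    // stand-in for the blocking pong write
	spawn := func(work func()) {       // start a responder and track the peak
		if l := atomic.AddInt64(&live, 1); l > peak {
			peak = l
		}
		wg.Add(1)
		go func() { work(); atomic.AddInt64(&live, -1); wg.Done() }()
	}
	if bounded {
		spawn(func() { // single long-lived responder
			for range pingRecv {
				writePong()
			}
		})
	}
	for i := 0; i < n; i++ { // read loop: one iteration per received ping
		if !bounded {
			spawn(writePong) // vulnerable pattern: a new goroutine per ping
			continue
		}
		select {
		case pingRecv <- struct{}{}:
		default: // a pong is already pending: coalesce, spawn nothing
		}
	}
	close(stall) // the writer drains, so every responder can finish
	close(pingRecv)
	wg.Wait()
	return peak
}

func main() {
	fmt.Println("per-ping:", floodPeak(5000, false), "single responder:", floodPeak(5000, true))
}
```

Coalescing is only one bounded design; blocking the read loop on the hand-off instead applies back-pressure to the sender.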

### Patches

The fix is included in geth version `1.12.1-stable`, i.e., `1.12.2-unstable` and onwards.

Fixed by https://github.com/ethereum/go-ethereum/pull/27887

### Workarounds

No known workarounds.

### Credits

This bug was reported by Patrick McHardy via [[email protected]](mailto:[email protected]).

Affected Packages

Go github.com/ethereum/go-ethereum
Affected versions: 0 (fixed in 1.12.1-stable)

Key Information

GHSA ID: GHSA-ppjg-v974-84cm
Published: September 6, 2023 7:49 PM
Last Modified: November 8, 2023 5:39 PM
CVSS Score: 7.5/10
Primary Ecosystem: Go
Primary Package: github.com/ethereum/go-ethereum
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 13, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.