Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-wjxw-gh3m-7pm5

GitHub Security Advisory

DoS via malicious p2p message in Go Ethereum

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

### Impact

A vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node.

### Patches

The following PR addresses the problem: https://github.com/ethereum/go-ethereum/pull/24507

### Workarounds

Aside from applying the PR linked above, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack.

### Credits

This bug was reported by `nrv` via [email protected], who has gracefully requested that the bounty rewards be donated to Médecins sans frontières.

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [go-ethereum](https://github.com/ethereum/go-ethereum)

Affected Packages

Go github.com/ethereum/go-ethereum
Affected versions: 0 (fixed in 1.10.17)

Related CVEs

CVE-2022-29177

Key Information

GHSA ID
GHSA-wjxw-gh3m-7pm5
Published
May 24, 2022 8:54 PM
Last Modified
June 7, 2022 2:30 PM
CVSS Score
5.0 /10
Primary Ecosystem
Go
Primary Package
github.com/ethereum/go-ethereum
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 13, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.