CNNVD-202506-3699 Information
CNNVD ID
CNNVD-202506-3699
Related CVE
- CNNVD Published: 2025-06-29
Description (Chinese)
Ethereum RLPx是Ethereum公司的一种基于 TCP 的传输协议,用于以太坊节点之间的通信。 Ethereum RLPx存在安全漏洞,该漏洞源于基于相同密钥、IV和随机数的两个CTR流,可能促进私有网络上的解密。
Description (English)
Etheum RLPx is a TCP-based transmission protocol of Etheleum for communications between the Etherem nodes. The Etheum RLPx has a security loophole, which stems from two CTR streams based on the same key, IV and random numbers, which may facilitate declassification on private networks.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
以太坊
Published
2025-06-29
Last Modified
2026-02-24
References
https://github.com/ethereum/go-ethereum/issues/1315 https://github.com/hyperledger/besu/issues/7926 https://github.com/ethereum/devp2p/issues/32 https://github.com/LaurentMT/go-ethereum/commit/e8cba7283b57280b1bcf5761478f852398365901 https://github.com/ethereum/devp2p/blob/master/rlpx.md#known-issues-in-the-current-version https://access.redhat.com/security/cve/cve-2015-20112
Patch
https://github.com/ethereum/devp2p/blob/master/rlpx.md
Share on: