CVE-2021-41173 Information

Jun 07, 2022 cve

Description

Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9 a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Reference

https://github.com/ethereum/go-ethereum/pull/23801 https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9 https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.7

Share on: