CVE-2022-29177 Information

Description

Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17 a vulnerable node if configured to use high verbosity logging can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround setting loglevel to default level (INFO) makes the node not vulnerable to this attack.

Reference

https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5 https://github.com/ethereum/go-ethereum/pull/24507