-
Notifications
You must be signed in to change notification settings - Fork 61
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Aliases: CVE-2024-32972, GHSA-4xc9-8hmq-j652 Fixes #2819 Fixes #2820 Change-Id: I6182f6ef7baa44c93281c13ce26dcb9668a19921 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/584157 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>
- Loading branch information
1 parent
dae7e35
commit 36b9d1c
Showing
2 changed files
with
70 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-2819", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-32972", | ||
| "GHSA-4xc9-8hmq-j652" | ||
| ], | ||
| "summary": "Denial of Service in github.com/ethereum/go-ethereum", | ||
| "details": "A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. This can result in a denial of service as the node runs out of memory.", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/ethereum/go-ethereum", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "1.13.15" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/advisories/GHSA-4xc9-8hmq-j652" | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "name": "DongHan Kim" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-2819" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| id: GO-2024-2819 | ||
| modules: | ||
| - module: github.com/ethereum/go-ethereum | ||
| versions: | ||
| - fixed: 1.13.15 | ||
| vulnerable_at: 1.13.14 | ||
| summary: Denial of Service in github.com/ethereum/go-ethereum | ||
| description: |- | ||
| A vulnerable node can be made to consume very large amounts of memory when | ||
| handling specially crafted p2p messages sent from an attacker node. This can | ||
| result in a denial of service as the node runs out of memory. | ||
| cves: | ||
| - CVE-2024-32972 | ||
| ghsas: | ||
| - GHSA-4xc9-8hmq-j652 | ||
| credits: | ||
| - DongHan Kim | ||
| references: | ||
| - advisory: https://github.com/advisories/GHSA-4xc9-8hmq-j652 | ||
| source: | ||
| id: GHSA-4xc9-8hmq-j652 | ||
| created: 2024-05-08T13:36:16.906049-07:00 |