CVE-2024-32972 – github.com/ethereum/go-ethereum
Package
Manager: go
Name: github.com/ethereum/go-ethereum
Vulnerable Version: >=0 <1.13.15
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.0077 (percentile 0.72609)
Details
go-ethereum vulnerable to DoS via malicious p2p message

### Impact

A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node.

To carry out the attack, the attacker establishes a peer connection to the victim and sends a malicious `GetBlockHeadersRequest` message with a `count` of `0`, using the `ETH` protocol.

In `descendants := chain.GetHeadersFrom(num+count-1, count-1)`, the value of `count-1` is passed to the function `GetHeadersFrom(number, count uint64)` as the parameter `count`. Due to integer overflow (the unsigned subtraction `0 - 1` wraps around), `UINT64_MAX` is then passed as the `count` argument to `GetHeadersFrom(number, count uint64)`. This allows an attacker to bypass `maxHeadersServe` and request all headers from the latest block back to the genesis block.

### Patches

The fix has been included in geth version `1.13.15` and onwards.

The vulnerability was patched in: https://github.com/ethereum/go-ethereum/pull/29534

### Workarounds

No workarounds have been made public.

### References

No more information is released at this time.

### Credit

This issue was disclosed responsibly by DongHan Kim via the Ethereum bug bounty program. Thank you for your cooperation.
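The wraparound described under Impact, modelled as an added example (not go-ethereum's code and not the upstream patch). `headersFrom`, `serveVulnerable`, `serveHardened`, the cap value and the block heights are assumptions made for illustration; the hardened variant shows one possible guard.

```go
package main

import (
	"errors"
	"fmt"
)

// Cap named in the advisory; the value 1024 is an assumption for this demo.
const maxHeadersServe = 1024
var errEmptyRequest = errors.New("header request with count 0")

// headersFrom is a hypothetical model of GetHeadersFrom(number, count uint64):
// it returns how many headers a walk from `number` toward genesis would load.
func headersFrom(head, number, count uint64) uint64 {
	if number > head {
		return 0 // unknown block
	}
	if available := number + 1; count > available {
		return available // walk stops at genesis
	}
	return count
}

// serveVulnerable caps count from above only. With count == 0 the uint64
// subtraction count-1 wraps to 2^64-1, so the cap no longer limits the walk.
func serveVulnerable(head, num, count uint64) uint64 {
	if count > maxHeadersServe {
		count = maxHeadersServe
	}
	return headersFrom(head, num+count-1, count-1)
}

// serveHardened rejects the empty request before any subtraction happens.
func serveHardened(head, num, count uint64) (uint64, error) {
	if count == 0 {
		return 0, errEmptyRequest
	}
	if count > maxHeadersServe {
		count = maxHeadersServe
	}
	return headersFrom(head, num+count-1, count-1), nil
}

func main() {
	const head, num = 20_000_000, 19_000_000 // constructed chain heights
	fmt.Println("vulnerable, count=0:", serveVulnerable(head, num, 0))
	_, err := serveHardened(head, num, 0)
	fmt.Println("hardened, count=0:", err)
}
```

In the model, a request with `count` 0 makes the vulnerable path walk 19,000,000 headers, while an oversized `count` is still held to the cap; this is why an upper-bound check alone does not protect an unsigned `count-1`.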
Metadata
Created: 2024-05-06T14:20:40Z
Modified: 2024-08-16T18:15:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-4xc9-8hmq-j652/GHSA-4xc9-8hmq-j652.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-4xc9-8hmq-j652
Finding: F067
Auto approve: 1