blob: 516e301bb7362702960df9f6d9bc97fc71914301 [file] [log] [blame]
module: github.com/ethereum/go-ethereum
package: github.com/ethereum/go-ethereum/les
versions:
- fixed: v1.9.25
description: |
Due to a nil pointer dereference, a malicously crafted RPC message
can cause a panic. If handling RPC messages from untrusted clients,
this may be used as a denial of service vector.
published: 2021-04-14T12:00:00Z
cve: CVE-2020-26264
credit: "@zsfelfoldi"
symbols:
- serverHandler.handleMsg
links:
pr: https://github.com/ethereum/go-ethereum/pull/21896
commit: https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46