data/reports/GO-2021-0075.yaml - vulndb - Git at Google

 modules:
   - module: github.com/ethereum/go-ethereum
     versions:
       - fixed: 1.8.11
     packages:
       - package: github.com/ethereum/go-ethereum/les
         symbols:
           - ProtocolManager.handleMsg
         skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
 description: |
     Due to improper argument validation in RPC messages, a maliciously crafted
     message can cause a panic, leading to denial of service.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2018-12018
 references:
   - fix: https://github.com/ethereum/go-ethereum/pull/16891
   - fix: https://github.com/ethereum/go-ethereum/commit/a5237a27eaf81946a3edb4fafe13ed6359d119e4
   - web: https://peckshield.com/2018/06/27/EPoD/
	modules:
	- module: github.com/ethereum/go-ethereum
	versions:
	- fixed: 1.8.11
	packages:
	- package: github.com/ethereum/go-ethereum/les
	symbols:
	- ProtocolManager.handleMsg
	skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
	description: \|
	Due to improper argument validation in RPC messages, a maliciously crafted
	message can cause a panic, leading to denial of service.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2018-12018
	references:
	- fix: https://github.com/ethereum/go-ethereum/pull/16891
	- fix: https://github.com/ethereum/go-ethereum/commit/a5237a27eaf81946a3edb4fafe13ed6359d119e4
	- web: https://peckshield.com/2018/06/27/EPoD/