modules: | |
- module: github.com/ethereum/go-ethereum | |
versions: | |
- fixed: 1.10.9 | |
vulnerable_at: 1.10.8 | |
packages: | |
- package: github.com/ethereum/go-ethereum/eth/protocols/snap | |
symbols: | |
- handleMessage | |
- package: github.com/ethereum/go-ethereum/trie | |
symbols: | |
- Trie.tryGetNode | |
derived_symbols: | |
- SecureTrie.TryGetNode | |
- Trie.TryGetNode | |
description: | | |
A maliciously crafted snap/1 protocol message can cause a panic. | |
published: 2022-07-15T23:08:03Z | |
cves: | |
- CVE-2021-41173 | |
ghsas: | |
- GHSA-59hh-656j-3p7v | |
references: | |
- fix: https://github.com/ethereum/go-ethereum/pull/23657/commits/f1fd963a5a965e643e52fcf805a2a02a323c32b8 |