data/reports/GO-2022-0256.yaml - vulndb - Git at Google

 modules:
   - module: github.com/ethereum/go-ethereum
     versions:
       - fixed: 1.10.9
     vulnerable_at: 1.10.8
     packages:
       - package: github.com/ethereum/go-ethereum/eth/protocols/snap
         symbols:
           - handleMessage
       - package: github.com/ethereum/go-ethereum/trie
         symbols:
           - Trie.tryGetNode
         derived_symbols:
           - SecureTrie.TryGetNode
           - Trie.TryGetNode
 summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     A maliciously crafted snap/1 protocol message can cause a panic.
 published: 2022-07-15T23:08:03Z
 cves:
   - CVE-2021-41173
 ghsas:
   - GHSA-59hh-656j-3p7v
 references:
   - fix: https://github.com/ethereum/go-ethereum/pull/23657/commits/f1fd963a5a965e643e52fcf805a2a02a323c32b8
	modules:
	- module: github.com/ethereum/go-ethereum
	versions:
	- fixed: 1.10.9
	vulnerable_at: 1.10.8
	packages:
	- package: github.com/ethereum/go-ethereum/eth/protocols/snap
	symbols:
	- handleMessage
	- package: github.com/ethereum/go-ethereum/trie
	symbols:
	- Trie.tryGetNode
	derived_symbols:
	- SecureTrie.TryGetNode
	- Trie.TryGetNode
	summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
	description: \|
	A maliciously crafted snap/1 protocol message can cause a panic.
	published: 2022-07-15T23:08:03Z
	cves:
	- CVE-2021-41173
	ghsas:
	- GHSA-59hh-656j-3p7v
	references:
	- fix: https://github.com/ethereum/go-ethereum/pull/23657/commits/f1fd963a5a965e643e52fcf805a2a02a323c32b8