blob: d39b7f050ab053c63b04a5fd402a2ba056e85aca [file] [log] [blame]
packages:
- module: github.com/ethereum/go-ethereum
package: github.com/ethereum/go-ethereum/les
symbols:
- serverHandler.handleMsg
derived_symbols:
- PrivateLightServerAPI.Benchmark
versions:
- fixed: v1.9.25
description: |
Due to a nil pointer dereference, a malicously crafted RPC message
can cause a panic. If handling RPC messages from untrusted clients,
this may be used as a denial of service vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-26264
ghsas:
- GHSA-r33q-22hv-j29q
credit: '@zsfelfoldi'
links:
pr: https://github.com/ethereum/go-ethereum/pull/21896
commit: https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46