| id: GO-2021-0075 |
| modules: |
| - module: github.com/ethereum/go-ethereum |
| versions: |
| - fixed: 1.8.11 |
| vulnerable_at: 1.8.11-0.20180605071142-7a22e89080b2 |
| packages: |
| - package: github.com/ethereum/go-ethereum/les |
| symbols: |
| - ProtocolManager.handleMsg |
| skip_fix: 'TODO: revisit this reason (cannot find module providing package github.com/hashicorp/golang-lru)' |
| summary: |- |
| Panic due to improper validation of RPC messages in |
| github.com/ethereum/go-ethereum |
| description: |- |
| Due to improper argument validation in RPC messages, a maliciously crafted |
| message can cause a panic, leading to denial of service. |
| published: 2021-04-14T20:04:52Z |
| cves: |
| - CVE-2018-12018 |
| ghsas: |
| - GHSA-p5gc-957x-gfw9 |
| references: |
| - fix: https://github.com/ethereum/go-ethereum/pull/16891 |
| - fix: https://github.com/ethereum/go-ethereum/commit/a5237a27eaf81946a3edb4fafe13ed6359d119e4 |
| review_status: REVIEWED |