blob: 5c7f3299e1a43157828674d875d9774224e7b39f [file] [log] [blame]
id: GO-2021-0075
modules:
- module: github.com/ethereum/go-ethereum
versions:
- fixed: 1.8.11
vulnerable_at: 1.8.11-0.20180605071142-7a22e89080b2
packages:
- package: github.com/ethereum/go-ethereum/les
symbols:
- ProtocolManager.handleMsg
skip_fix: 'TODO: revisit this reason (cannot find module providing package github.com/hashicorp/golang-lru)'
summary: Panic in github.com/ethereum/go-ethereum
description: |-
Due to improper argument validation in RPC messages, a maliciously crafted
message can cause a panic, leading to denial of service.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2018-12018
ghsas:
- GHSA-p5gc-957x-gfw9
references:
- fix: https://github.com/ethereum/go-ethereum/pull/16891
- fix: https://github.com/ethereum/go-ethereum/commit/a5237a27eaf81946a3edb4fafe13ed6359d119e4
- web: https://peckshield.com/2018/06/27/EPoD/