reports/GO-2021-0063.yaml - vulndb - Git at Google

 packages:
   - module: github.com/ethereum/go-ethereum
     package: github.com/ethereum/go-ethereum/les
     symbols:
       - serverHandler.handleMsg
     derived_symbols:
       - PrivateLightServerAPI.Benchmark
     versions:
       - fixed: 1.9.25
 description: |
     Due to a nil pointer dereference, a malicously crafted RPC message
     can cause a panic. If handling RPC messages from untrusted clients,
     this may be used as a denial of service vector.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2020-26264
 ghsas:
   - GHSA-r33q-22hv-j29q
 credit: '@zsfelfoldi'
 links:
     pr: https://github.com/ethereum/go-ethereum/pull/21896
     commit: https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46
	packages:
	- module: github.com/ethereum/go-ethereum
	package: github.com/ethereum/go-ethereum/les
	symbols:
	- serverHandler.handleMsg
	derived_symbols:
	- PrivateLightServerAPI.Benchmark
	versions:
	- fixed: 1.9.25
	description: \|
	Due to a nil pointer dereference, a malicously crafted RPC message
	can cause a panic. If handling RPC messages from untrusted clients,
	this may be used as a denial of service vector.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2020-26264
	ghsas:
	- GHSA-r33q-22hv-j29q
	credit: '@zsfelfoldi'
	links:
	pr: https://github.com/ethereum/go-ethereum/pull/21896
	commit: https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46