blob: 8c44aeb0ebf70579444f6b0633ab43f20593d289 [file] [log] [blame]
id: GO-2021-0063
modules:
- module: github.com/ethereum/go-ethereum
versions:
- fixed: 1.9.25
vulnerable_at: 1.9.24
packages:
- package: github.com/ethereum/go-ethereum/les
symbols:
- serverHandler.handleMsg
derived_symbols:
- PrivateLightServerAPI.Benchmark
summary: |-
Nil pointer dereference via malicious RPC message in
github.com/ethereum/go-ethereum
description: |-
Due to a nil pointer dereference, a maliciously crafted RPC message can cause a
panic. If handling RPC messages from untrusted clients, this may be used as a
denial of service vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-26264
ghsas:
- GHSA-r33q-22hv-j29q
credits:
- '@zsfelfoldi'
references:
- fix: https://github.com/ethereum/go-ethereum/pull/21896
- fix: https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46
review_status: REVIEWED