| id: GO-2022-0256 |
| modules: |
| - module: github.com/ethereum/go-ethereum |
| versions: |
| - fixed: 1.10.9 |
| vulnerable_at: 1.10.8 |
| packages: |
| - package: github.com/ethereum/go-ethereum/eth/protocols/snap |
| symbols: |
| - handleMessage |
| - package: github.com/ethereum/go-ethereum/trie |
| symbols: |
| - Trie.tryGetNode |
| derived_symbols: |
| - SecureTrie.TryGetNode |
| - Trie.TryGetNode |
| summary: Panic via maliciously crafted message in github.com/ethereum/go-ethereum |
| description: A maliciously crafted snap/1 protocol message can cause a panic. |
| published: 2022-07-15T23:08:03Z |
| cves: |
| - CVE-2021-41173 |
| ghsas: |
| - GHSA-59hh-656j-3p7v |
| references: |
| - fix: https://github.com/ethereum/go-ethereum/pull/23657/commits/f1fd963a5a965e643e52fcf805a2a02a323c32b8 |
| review_status: REVIEWED |