blob: 0d4c38acdc96475145d3fb4da73eda470b947ea5 [file] [log] [blame]
id: GO-2022-0256
modules:
- module: github.com/ethereum/go-ethereum
versions:
- fixed: 1.10.9
vulnerable_at: 1.10.8
packages:
- package: github.com/ethereum/go-ethereum/eth/protocols/snap
symbols:
- handleMessage
- package: github.com/ethereum/go-ethereum/trie
symbols:
- Trie.tryGetNode
derived_symbols:
- SecureTrie.TryGetNode
- Trie.TryGetNode
summary: Panic via maliciously crafted message in github.com/ethereum/go-ethereum
description: A maliciously crafted snap/1 protocol message can cause a panic.
published: 2022-07-15T23:08:03Z
cves:
- CVE-2021-41173
ghsas:
- GHSA-59hh-656j-3p7v
references:
- fix: https://github.com/ethereum/go-ethereum/pull/23657/commits/f1fd963a5a965e643e52fcf805a2a02a323c32b8
review_status: REVIEWED