blob: ee3b73028e80f5f2ca58e25adaa4b87cab3e6796 [file] [log] [blame]
id: GO-2021-0063
modules:
- module: github.com/ethereum/go-ethereum
versions:
- fixed: 1.9.25
vulnerable_at: 1.9.24
packages:
- package: github.com/ethereum/go-ethereum/les
symbols:
- serverHandler.handleMsg
derived_symbols:
- PrivateLightServerAPI.Benchmark
summary: Panic in github.com/ethereum/go-ethereum
description: |-
Due to a nil pointer dereference, a maliciously crafted RPC message can cause a
panic. If handling RPC messages from untrusted clients, this may be used as a
denial of service vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-26264
ghsas:
- GHSA-r33q-22hv-j29q
credits:
- '@zsfelfoldi'
references:
- fix: https://github.com/ethereum/go-ethereum/pull/21896
- fix: https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46