reports/GO-2021-0063.yaml - vulndb - Git at Google

 module: github.com/ethereum/go-ethereum
 package: github.com/ethereum/go-ethereum/les
 versions:
   - fixed: v1.9.25
 description: |
   Due to a nil pointer dereference, a malicously crafted RPC message
   can cause a panic. If handling RPC messages from untrusted clients,
   this may be used as a denial of service vector.
 cves:
   - CVE-2020-26264
 credit: "@zsfelfoldi"
 symbols:
   - serverHandler.handleMsg
 links:
   pr: https://github.com/ethereum/go-ethereum/pull/21896
   commit: https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46
	module: github.com/ethereum/go-ethereum
	package: github.com/ethereum/go-ethereum/les
	versions:
	- fixed: v1.9.25
	description: \|
	Due to a nil pointer dereference, a malicously crafted RPC message
	can cause a panic. If handling RPC messages from untrusted clients,
	this may be used as a denial of service vector.
	cves:
	- CVE-2020-26264
	credit: "@zsfelfoldi"
	symbols:
	- serverHandler.handleMsg
	links:
	pr: https://github.com/ethereum/go-ethereum/pull/21896
	commit: https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46