data/reports/GO-2021-0063.yaml - vulndb - Git at Google

 id: GO-2021-0063
 modules:
     - module: github.com/ethereum/go-ethereum
       versions:
         - fixed: 1.9.25
       vulnerable_at: 1.9.24
       packages:
         - package: github.com/ethereum/go-ethereum/les
           symbols:
             - serverHandler.handleMsg
           derived_symbols:
             - PrivateLightServerAPI.Benchmark
 summary: |-
     Nil pointer dereference via malicious RPC message in
     github.com/ethereum/go-ethereum
 description: |-
     Due to a nil pointer dereference, a maliciously crafted RPC message can cause a
     panic. If handling RPC messages from untrusted clients, this may be used as a
     denial of service vector.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2020-26264
 ghsas:
     - GHSA-r33q-22hv-j29q
 credits:
     - '@zsfelfoldi'
 references:
     - fix: https://github.com/ethereum/go-ethereum/pull/21896
     - fix: https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46
	id: GO-2021-0063
	modules:
	- module: github.com/ethereum/go-ethereum
	versions:
	- fixed: 1.9.25
	vulnerable_at: 1.9.24
	packages:
	- package: github.com/ethereum/go-ethereum/les
	symbols:
	- serverHandler.handleMsg
	derived_symbols:
	- PrivateLightServerAPI.Benchmark
	summary: \|-
	Nil pointer dereference via malicious RPC message in
	github.com/ethereum/go-ethereum
	description: \|-
	Due to a nil pointer dereference, a maliciously crafted RPC message can cause a
	panic. If handling RPC messages from untrusted clients, this may be used as a
	denial of service vector.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2020-26264
	ghsas:
	- GHSA-r33q-22hv-j29q
	credits:
	- '@zsfelfoldi'
	references:
	- fix: https://github.com/ethereum/go-ethereum/pull/21896
	- fix: https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46