data/reports/GO-2022-0256.yaml - vulndb - Git at Google

 id: GO-2022-0256
 modules:
     - module: github.com/ethereum/go-ethereum
       versions:
         - fixed: 1.10.9
       vulnerable_at: 1.10.8
       packages:
         - package: github.com/ethereum/go-ethereum/eth/protocols/snap
           symbols:
             - handleMessage
         - package: github.com/ethereum/go-ethereum/trie
           symbols:
             - Trie.tryGetNode
           derived_symbols:
             - SecureTrie.TryGetNode
             - Trie.TryGetNode
 summary: Panic via maliciously crafted message in github.com/ethereum/go-ethereum
 description: A maliciously crafted snap/1 protocol message can cause a panic.
 published: 2022-07-15T23:08:03Z
 cves:
     - CVE-2021-41173
 ghsas:
     - GHSA-59hh-656j-3p7v
 references:
     - fix: https://github.com/ethereum/go-ethereum/pull/23657/commits/f1fd963a5a965e643e52fcf805a2a02a323c32b8
	id: GO-2022-0256
	modules:
	- module: github.com/ethereum/go-ethereum
	versions:
	- fixed: 1.10.9
	vulnerable_at: 1.10.8
	packages:
	- package: github.com/ethereum/go-ethereum/eth/protocols/snap
	symbols:
	- handleMessage
	- package: github.com/ethereum/go-ethereum/trie
	symbols:
	- Trie.tryGetNode
	derived_symbols:
	- SecureTrie.TryGetNode
	- Trie.TryGetNode
	summary: Panic via maliciously crafted message in github.com/ethereum/go-ethereum
	description: A maliciously crafted snap/1 protocol message can cause a panic.
	published: 2022-07-15T23:08:03Z
	cves:
	- CVE-2021-41173
	ghsas:
	- GHSA-59hh-656j-3p7v
	references:
	- fix: https://github.com/ethereum/go-ethereum/pull/23657/commits/f1fd963a5a965e643e52fcf805a2a02a323c32b8