Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ethereum vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2017-14451
An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attack...
Ethereum Ethereum -
1 Github repository
5.9
CVSSv3
CVE-2022-29177
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 cont...
Ethereum Go Ethereum
7.5
CVSSv3
CVE-2023-42319
Geth (aka go-ethereum) up to and including 1.13.4, when --http --graphql is used, allows remote malicious users to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is n...
Ethereum Go Ethereum
7.5
CVSSv3
CVE-2022-23327
A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service (DoS).
Ethereum Go Ethereum
7.5
CVSSv3
CVE-2022-23328
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node...
Ethereum Go Ethereum -
7.5
CVSSv3
CVE-2023-40591
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stabl...
Ethereum Go Ethereum
5.9
CVSSv3
CVE-2022-37450
Go Ethereum (aka geth) up to and including 1.10.21 allows malicious users to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in t...
Ethereum Go Ethereum
7.5
CVSSv3
CVE-2018-12018
The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) prior to 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows malicious users to launch a Denial of Service attack by sending a p...
Ethereum Go Ethereum
2 Github repositories
7.5
CVSSv3
CVE-2018-16733
In Go Ethereum (aka geth) prior to 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.
Ethereum Go Ethereum
8.1
CVSSv3
CVE-2017-12112
An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can...
Ethereum Cpp-ethereum -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »