Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ethereum go ethereum - vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-22419
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't pro...
Vyperlang Vyper
7.5
CVSSv3
CVE-2023-42319
Geth (aka go-ethereum) up to and including 1.13.4, when --http --graphql is used, allows remote malicious users to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is n...
Ethereum Go Ethereum
7.5
CVSSv3
CVE-2023-40591
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stabl...
Ethereum Go Ethereum
7.5
CVSSv3
CVE-2021-42219
Go-Ethereum v1.10.9 exists to contain an issue which allows malicious users to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go.
Ethereum Go Ethereum 1.10.9
7.5
CVSSv3
CVE-2022-23327
A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service (DoS).
Ethereum Go Ethereum
7.5
CVSSv3
CVE-2022-23328
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node...
Ethereum Go Ethereum -
7.5
CVSSv3
CVE-2021-39137
go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be ...
Ethereum Go Ethereum
2 Github repositories
7.5
CVSSv3
CVE-2020-26240
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened...
Ethereum Go Ethereum
7.5
CVSSv3
CVE-2020-26242
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.
Ethereum Go Ethereum
7.5
CVSSv3
CVE-2018-20421
Go Ethereum (aka geth) 1.8.19 allows malicious users to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory location with a large index number, as demonstrated by use of "assembly { mst...
Ethereum Go Ethereum 1.8.19
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »