In go-ethereum before version 1.9.25, a denial-of-service vulnerability can make a LES server crash via a malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling the LES server; disabling LES prevents the exploit. The vulnerability was patched in version 1.9.25.
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q
https://github.com/ethereum/go-ethereum/pull/21896
https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46
Workaround
==========

This issue can be mitigated by disabling the LES server.
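
An added example, not part of the advisory or of go-ethereum's code: a small exposure check that combines the two conditions above, a version below 1.9.25 and an enabled LES server. It assumes the LES server is enabled through geth's `--light.serve` flag (or the older `--lightserv`) with a value above zero; it only inspects command-line arguments, so a node that enables LES serving through a config file needs a separate check.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// lesServing reports whether argv sets --light.serve (or the older
// --lightserv) above zero, in "flag value" or "flag=value" form.
func lesServing(args []string) bool {
	for i, a := range args {
		kv := strings.SplitN(strings.TrimLeft(a, "-"), "=", 2)
		if !strings.HasPrefix(a, "-") || (kv[0] != "light.serve" && kv[0] != "lightserv") {
			continue
		}
		if len(kv) == 1 && i+1 < len(args) {
			kv = append(kv, args[i+1]) // value is the next argument
		}
		if len(kv) == 2 {
			if n, err := strconv.Atoi(kv[1]); err == nil && n > 0 {
				return true
			}
		}
	}
	return false
}

// Exposed is true when version (e.g. "1.9.24-stable") is below 1.9.25
// and the arguments enable the LES server.
func Exposed(version string, args []string) (bool, error) {
	var major, minor, patch int
	v := strings.TrimPrefix(strings.TrimSpace(version), "v")
	// Sscanf stops after the third number, so "-stable" suffixes are ignored.
	if _, err := fmt.Sscanf(v, "%d.%d.%d", &major, &minor, &patch); err != nil {
		return false, fmt.Errorf("unexpected version %q: %w", version, err)
	}
	old := major < 1 || (major == 1 && (minor < 9 || (minor == 9 && patch < 25)))
	return old && lesServing(args), nil
}

func main() {
	// Constructed sample inputs, not taken from a real node.
	fmt.Println(Exposed("1.9.24-stable", []string{"--syncmode", "fast", "--light.serve", "50"}))
}
```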