Published: 11/12/2020 Updated: 14/12/2020

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 357

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ethereum go ethereum

In go-ethereum before version 1925, a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client This vulnerability only concerns users explicitly enabling the LES server; disabling LES prevents the exploit The vulnerability was patched in version 1925 ...

CWE-400 https://github.com/ethereum/go-ethereum/pull/21896 https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q https://github.com/ethereum/go-ethereum/releases/tag/v1.9.25 https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46 https://nvd.nist.gov https://security.archlinux.org/CVE-2020-26264

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-26264

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect