Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DoS via malicious p2p message in Go-Ethereum
Vulnerability Description
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Go Ethereum 资源管理错误漏洞
Vulnerability Description
Go Ethereum是以太坊(Ethereum)社区的一个以太坊协议的官方 Go 实现。 Go Ethereum 1.10.17之前版本存在资源管理错误漏洞。攻击者利用该漏洞节点发送特制 p2p 消息时,会系统导致崩溃。
CVSS Information
N/A
Vulnerability Type
N/A