CVE-2024-32972
CVSS V2 None
CVSS V3 None
Description
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards.
Overview
- CVE ID
- CVE-2024-32972
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-05-06T14:26:19.510Z
- Last Modified Date
- 2024-06-04T17:50:49.796Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652 | x_refsource_CONFIRM |
| https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-32972 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32972 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 08:22:28 | Added to TrackCVE |