Denial of Service in Go-Ethereum
High severity • GitHub Reviewed • Published Mar 5, 2022 to the GitHub Advisory Database • Updated Feb 3, 2023
Package
Affected versions: <= 1.10.16
Patched versions: None
Published by the National Vulnerability Database: Mar 4, 2022
Reviewed: Mar 9, 2022
Description
A design flaw in all versions of Go-Ethereum allows an attacker node to send a victim Geth node 5120 pending transactions with a high gas price from one account, each of which fully spends the account's balance. These transactions can purge all pending transactions from the victim node's memory pool and then occupy the pool, preventing new transactions from entering it and resulting in a denial of service (DoS).
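A detection check for the condition described above, added here as an example and not taken from Go-Ethereum or the advisory: it counts, per sender, the pending transactions that the account balance cannot cover once that sender's earlier pending transactions are accounted for. The `PendingTx` type, the function names and the sample values are assumptions; the pool snapshot is assumed to be in nonce order per sender, and the upfront cost is taken as value plus gas limit times gas price.

```go
package main

import (
	"fmt"
	"math/big"
)

// PendingTx is a simplified, hypothetical view of a pooled transaction (not geth's type).
type PendingTx struct {
	From     string
	Value    *big.Int
	GasLimit uint64
	GasPrice *big.Int
}

// Cost is the upfront amount the sender must hold: value + gasLimit*gasPrice.
func Cost(tx PendingTx) *big.Int {
	fee := new(big.Int).Mul(new(big.Int).SetUint64(tx.GasLimit), tx.GasPrice)
	return fee.Add(fee, tx.Value)
}

// Overdrafted walks the snapshot in order and returns, per sender, the number of
// pending transactions the balance cannot pay for after the earlier fundable ones.
func Overdrafted(pool []PendingTx, balance map[string]*big.Int) map[string]int {
	spent, flagged := map[string]*big.Int{}, map[string]int{}
	for _, tx := range pool {
		bal, ok := balance[tx.From]
		if !ok {
			bal = new(big.Int) // unknown account: treat as empty
		}
		prev := spent[tx.From]
		if prev == nil {
			prev = new(big.Int)
		}
		total := new(big.Int).Add(prev, Cost(tx))
		if total.Cmp(bal) > 0 {
			flagged[tx.From]++ // not fundable alongside the earlier pending ones
			continue
		}
		spent[tx.From] = total
	}
	return flagged
}

func main() {
	// Constructed sample: sender A queues three txs that each spend its whole balance.
	full := PendingTx{"A", big.NewInt(79000), 21000, big.NewInt(1)}
	okTx := PendingTx{"B", big.NewInt(10), 21000, big.NewInt(1)}
	bal := map[string]*big.Int{"A": big.NewInt(100000), "B": big.NewInt(100000)}
	fmt.Println(Overdrafted([]PendingTx{full, okTx, full, full}, bal))
}
```

A sender whose flagged count approaches the size of the pending pool matches the pattern in the description and is a candidate for alerting.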