Skip to content

x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: CVE-2021-41173 #256

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Closed
GoVulnBot opened this issue Jan 7, 2022 · 1 comment
Closed

x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: CVE-2021-41173 #256

GoVulnBot opened this issue Jan 7, 2022 · 1 comment
Assignees
@neild
Labels
cve-year-2021 NeedsReport

Comments

@GoVulnBot
Copy link

In CVE-2021-41173, the reference URL github.com/ethereum/go-ethereum (and possibly others) refers to something in Go.

module: github.com/ethereum/go-ethereum
package: go-ethereum
description: |
  Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.
cves:
- CVE-2021-41173
links:
  pr: https://github.com/ethereum/go-ethereum/pull/23801
  commit: https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738
  context:
  - https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9
  - https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v

See doc/triage.md for instructions on how to triage this report.
@julieqiu julieqiu assigned julieqiu and rolandshoemaker and unassigned julieqiu Jan 7, 2022
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/415800 mentions this issue: x/vulndb: add reports/GO-2022-0256.yaml for CVE-2021-41173

@neild neild self-assigned this Jul 2, 2022
@GoVulnBot GoVulnBot mentioned this issue Sep 6, 2023
Closed
@GoVulnBot GoVulnBot mentioned this issue Oct 18, 2023
Closed
This was referenced May 6, 2024
Closed
Closed
@GoVulnBot GoVulnBot mentioned this issue Jan 30, 2025
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@neild neild

Labels
cve-year-2021 NeedsReport
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@neild @rolandshoemaker @julieqiu @gopherbot @GoVulnBot