x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-m6gx-rhvj-fh52

[GoVulnBot]

In GitHub Security Advisory GHSA-m6gx-rhvj-fh52, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/ethereum/go-ethereum	1.9.24	< 1.9.24

See doc/triage.md for instructions on how to triage this report.

package: github.com/ethereum/go-ethereum
versions:
  - introduced: v0.0.0
    fixed: v1.9.24
description: "### Impact\nVersions of Geth built with Go `<1.15.5` or `<1.14.12` are
    most likely affected by a critical DoS-related security vulnerability. The golang
    team has registered the underlying flaw as ‘CVE-2020-28362’.\n\nWe recommend all
    users to rebuild (ideally `v1.9.24`) with Go `1.15.5` or `1.14.12`, to avoid node
    crashes. Alternatively, if you are running binaries distributed via one of our
    official channels, we’re going to release `v1.9.24` ourselves built with Go `1.15.5`.\n\n###
    Patches\nThis is not an issue in go-ethereum, rebuilding an older version with
    Go `1.15.5` or `1.14.12` will suffice to address the vulnerability. \n\n### Workarounds\nRebuilding
    with Go `1.15.5` or `1.14.12` will suffice to address the vulnerability. \n\n###
    References\n- https://blog.ethereum.org/2020/11/12/geth_security_release/\n- https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM\n\n###
    For more information\nIf you have any questions or comments about this advisory:\n*
    Open an issue in [go-ethereum](https://github.com/ethereum/go-ethereum)\n* Email
    us at [security@ethereum.org](mailto:security@ethereum.org)\n"
published: 2021-06-29T21:13:54Z
last_modified: 2021-10-08T21:25:44Z
ghsas:
  - GHSA-m6gx-rhvj-fh52

[neild]

Vulnerability in tool (and dupe of CVE-2020-28362).

[gopherbot]

Change https://go.dev/cl/592767 mentions this issue: data/reports: unexclude 50 reports

[gopherbot]

Change https://go.dev/cl/607217 mentions this issue: data/reports: unexclude 20 reports (15)