Denial of Service Vulnerability in Go-Ethereum by Ethereum Foundation
CVE-2021-42219

7.5HIGH

Key Information:

Vendor: Ethereum
Status: Go Ethereum
Vendor: CVE Published:; 17 March 2022

What is CVE-2021-42219?

A vulnerability in Go-Ethereum v1.10.9 allows attackers to exploit the system by sending a high volume of messages to a node, leading to potential denial of service. The root cause stems from insufficient memory management within the /ethash/algorithm.go component, which can overwhelm the processing capabilities of affected nodes. This vulnerability highlights the importance of proper resource allocation and safeguarding against excessive message influxes to maintain service integrity.

References

https://docs.google.com/document/d/1dYFSpNZPC0OV-n1mMqdc2...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 17, 2022
Vulnerability Reserved
Oct 11, 2021