Denial of Service Vulnerability in Go-Ethereum by Ethereum
CVE-2021-43668

5.5MEDIUM

Key Information:

Vendor: Ethereum
Status: Go Ethereum
Vendor: CVE Published:; 18 November 2021

What is CVE-2021-43668?

A vulnerability exists in Go-Ethereum 1.10.9 that causes nodes to crash upon receiving a specific sequence of messages. This results in a denial of service, as the nodes are unable to recover from the 'runtime error: invalid memory address or nil pointer dereference', leading to a segmentation fault (SEGV). Network disruptions can significantly impact operations, making it essential for users to address this issue promptly.

References

https://github.com/ethereum/go-ethereum/issues/23866

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2021
Vulnerability Reserved
Nov 15, 2021