DoS via malicious p2p message in Go-Ethereum
CVE-2022-29177
5.9MEDIUM
What is CVE-2022-29177?
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (INFO
) makes the node not vulnerable to this attack.
Affected Version(s)
go-ethereum < 1.10.17