Memory Consumption Vulnerability in Ethereum Implementation by Go-Ethereum
CVE-2024-32972
7.5HIGH
What is CVE-2024-32972?
The go-ethereum implementation, also known as geth, is a critical execution layer for the Ethereum protocol. Prior to version 1.13.15, a vulnerability existed that allowed an attacker to send specially crafted peer-to-peer (p2p) messages to a vulnerable node, leading to excessive memory consumption. This severe flaw could destabilize the affected node, making it susceptible to denial-of-service attacks. The issue has been addressed and patched in version 1.13.15 and later. Users and administrators of go-ethereum are strongly encouraged to upgrade to the latest version to protect their nodes from potential exploits.
Affected Version(s)
go-ethereum < 1.13.15