Denial of service in go-ethereum due to CVE-2020-28362
Critical severity
GitHub Reviewed
Published
Nov 24, 2020
in
ethereum/go-ethereum
•
Updated Jan 9, 2023
Package
Affected versions
< 1.9.24
Patched versions
1.9.24
Description
Reviewed
May 21, 2021
Published to the GitHub Advisory Database
Jun 29, 2021
Last updated
Jan 9, 2023
Impact
Versions of Geth built with Go
<1.15.5
or<1.14.12
are most likely affected by a critical DoS-related security vulnerability. The golang team has registered the underlying flaw as ‘CVE-2020-28362’.We recommend all users to rebuild (ideally
v1.9.24
) with Go1.15.5
or1.14.12
, to avoid node crashes. Alternatively, if you are running binaries distributed via one of our official channels, we’re going to releasev1.9.24
ourselves built with Go1.15.5
.Patches
This is not an issue in go-ethereum, rebuilding an older version with Go
1.15.5
or1.14.12
will suffice to address the vulnerability.Workarounds
Rebuilding with Go
1.15.5
or1.14.12
will suffice to address the vulnerability.References
For more information
If you have any questions or comments about this advisory:
References