Ethereum go-ethereum
cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*
- >= 1.14.0, < 1.14.13
A denial-of-service vulnerability has been identified in go-ethereum (geth) versions from 1.14.0 up to, but not including, 1.14.13. A vulnerable node can be forced to shut down or crash by sending it a specially crafted message. The problem arises during the peer-to-peer connection handshake, where the EC public key supplied by the remote party is not properly validated. When a peer transmits an all-zero public key, the handshake produces unexpected results and the node crashes.
Exploitation of this vulnerability causes the Ethereum node to crash, disrupting its operation and potentially affecting network participation.
Users can upgrade to go-ethereum version 1.14.13 or later to address this vulnerability. No additional workarounds are available.
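The kind of check the description says was missing, shown as an added example (not go-ethereum's own code or its actual fix): validating a peer-supplied secp256k1 public key before the handshake uses it. The 64-byte X||Y encoding and the names `ValidateRemoteKey` and `GeneratorKey` are assumptions made for illustration.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
)

// secp256k1 field prime p = 2^256 - 2^32 - 977; curve: y^2 = x^3 + 7 (mod p).
var fieldP = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 256), big.NewInt(1<<32+977))

var errOffCurve = errors.New("point is not on secp256k1")

// ValidateRemoteKey (hypothetical helper) checks a peer-supplied key
// before any ECDH computation uses it. Assumes a 64-byte X||Y encoding.
func ValidateRemoteKey(raw []byte) error {
	if len(raw) != 64 {
		return errors.New("public key must be 64 bytes")
	}
	x := new(big.Int).SetBytes(raw[:32])
	y := new(big.Int).SetBytes(raw[32:])
	if x.Cmp(fieldP) >= 0 || y.Cmp(fieldP) >= 0 {
		return errors.New("coordinate not below field prime")
	}
	// Compare y^2 with x^3 + 7, both reduced mod p.
	lhs := new(big.Int).Exp(y, big.NewInt(2), fieldP)
	rhs := new(big.Int).Exp(x, big.NewInt(3), fieldP)
	rhs.Add(rhs, big.NewInt(7)).Mod(rhs, fieldP)
	if lhs.Cmp(rhs) != 0 {
		return errOffCurve // the all-zero key fails here: 0 != 7
	}
	return nil
}

// GeneratorKey returns constructed sample input: the curve's base point G.
func GeneratorKey() []byte {
	b, _ := hex.DecodeString(
		"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798" +
			"483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8")
	return b
}

func main() {
	fmt.Println("generator:", ValidateRemoteKey(GeneratorKey()))
	fmt.Println("all-zero: ", ValidateRemoteKey(make([]byte, 64)))
}
```

Rejecting the key at parse time means later handshake steps never operate on a point outside the curve.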