Primary

Context

go-ethereum Denial-of-Service Vulnerability via Malicious P2P Message

Vulnerability

Patched

A denial-of-service vulnerability has been identified in go-ethereum (geth) versions through 1.16.7. Affected nodes can be forced to shut down or crash by sending a specially crafted message. This issue has been addressed in version 1.16.8.

Impact

Exploitation of this vulnerability leads to a forced shutdown or crash of the affected node.

Reproduction

The vulnerability can be reproduced by sending a maliciously crafted P2P message to a node running an affected version of go-ethereum. The node will then shut down or crash in response to the message.

Remediation

Users can upgrade to go-ethereum version 1.16.8 or later to address this vulnerability.

Added: Jan 13, 2026, 9:42 PM

Updated: Jan 13, 2026, 9:42 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

9.3

remediation

7.7

relevance

2.0

threat

4.8

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

9.3

remediation

7.7

relevance

2.0

threat

4.8

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

go-ethereum Denial-of-Service Vulnerability via Malicious P2P Message

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Ethereum go-ethereum

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating