go-ethereum Denial-of-Service Vulnerability via Malicious p2p Message

Vulnerability

A denial-of-service vulnerability has been identified in go-ethereum (geth) versions prior to 1.17.0. An attacker can exploit this vulnerability by sending a specially crafted p2p message, leading to high memory usage.

Impact

Exploitation of this vulnerability causes excessive memory consumption, which can degrade performance or cause the application to become unresponsive.

Remediation

Users can upgrade to go-ethereum version 1.17.0 or later to address this vulnerability. Instructions for downloading this version are available on the Geth downloads page.
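
To find nodes that still need the upgrade, the Go sketch below (an added example, not code from go-ethereum or from this advisory) classifies client version strings against the 1.17.0 threshold. It assumes strings in the form geth reports through web3_clientVersion; the Status names, the Classify function and the sample strings are constructed for illustration, and treating a pre-release 1.17.0 build as "unknown" is a conservative choice of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

type Status string

const (
	Patched  Status = "patched"  // geth 1.17.0 or later
	Affected Status = "affected" // geth prior to 1.17.0
	Unknown  Status = "unknown"  // not geth, unparseable, or pre-release 1.17.0 build
)

// fixed is the release the advisory names as addressing the issue.
var fixed = [3]int{1, 17, 0}

// verRe pulls the version out of a geth client string. Assumed format:
// "Geth/[optional node name/]vMAJOR.MINOR.PATCH[-tag][-commit]/os-arch/goX.Y.Z".
var verRe = regexp.MustCompile(`^Geth/(?:[^/]+/)?v(\d+)\.(\d+)\.(\d+)(?:-([a-z]+))?`)

// Classify compares one client string against the fixed release.
// Components are compared numerically, so 1.9.x sorts before 1.17.0.
func Classify(client string) Status {
	m := verRe.FindStringSubmatch(client)
	if m == nil {
		return Unknown
	}
	for i, want := range fixed {
		got, err := strconv.Atoi(m[i+1])
		if err != nil {
			return Unknown
		}
		if got != want {
			if got < want {
				return Affected
			}
			return Patched
		}
	}
	// Exactly 1.17.0: only a release ("stable" or untagged) counts as patched.
	if m[4] != "" && m[4] != "stable" {
		return Unknown
	}
	return Patched
}

func main() {
	// Constructed sample strings, not taken from real nodes.
	for _, c := range []string{"Geth/v1.16.7-stable-0a1b2c3d/linux-amd64/go1.24.0", "Geth/v1.17.0-stable-0a1b2c3d/linux-amd64/go1.24.0"} {
		fmt.Println(Classify(c), c)
	}
}
```

Nodes reported as "unknown" need a manual check, since the string alone does not show whether the build contains the fix.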

Added: Feb 19, 2026, 9:25 PM
Updated: Feb 19, 2026, 9:25 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 8.3
remediation: 7.7
relevance: 3.1
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.