Ethereum go-ethereum
cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*
- <= 1.16.8
A denial-of-service vulnerability has been identified in go-ethereum (geth) versions prior to 1.16.9. Affected nodes can be forced to shut down or crash by sending a specially crafted message. This issue has been addressed in the v1.16.9 and v1.17.0 releases of Geth.
Exploitation of this vulnerability causes the affected node to shut down or crash.
Users can upgrade to Geth versions 1.16.9 or 1.17.0 to address this vulnerability. After upgrading, it is recommended to recreate the P2P node key by removing the 'DATADIR/geth/nodekey' file before restarting Geth. Note that this will change the P2P node ID, which may disrupt static peering setups.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.