CVE-2020-26264
Summary
| CVE | CVE-2020-26264 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2020-12-11 17:15:00 UTC |
|---|
| Updated | 2020-12-14 18:06:00 UTC |
|---|
| Description | Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| LES Server DoS via GetProofsV2 · Advisory · ethereum/go-ethereum · GitHub |
CONFIRM |
github.com |
Third Party Advisory |
| les: fix GetProofsV2 bug (#21896) · ethereum/go-ethereum@bddd103 · GitHub |
MISC |
github.com |
Patch, Third Party Advisory |
| Release Marljeh (v1.9.25) · ethereum/go-ethereum · GitHub |
MISC |
github.com |
Third Party Advisory |
| les: fix GetProofsV2 bug by zsfelfoldi · Pull Request #21896 · ethereum/go-ethereum · GitHub |
MISC |
github.com |
Patch, Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 982037 Go (go) Security Update for github.com/ethereum/go-ethereum/les (GHSA-r33q-22hv-j29q)
