CVE-2023-42319
Summary
| CVE | CVE-2023-42319 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-10-18 06:15:00 UTC |
| Updated | 2023-10-25 17:39:00 UTC |
| Description | Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic." |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ethereum | Go Ethereum | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2023-42319 : Geth - DoS through GraphQL - MevSec | MISC | blog.mevsec.com | |
| Security | go-ethereum | MISC | geth.ethereum.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 995627 GO (Go) Security Update for github.com/ethereum/go-ethereum (GHSA-v9jh-j8px-98vq)