Skip to content

x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-5m8f-chrv-7rw5 #555

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
julieqiu opened this issue Aug 1, 2022 · 2 comments
Closed

x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-5m8f-chrv-7rw5 #555

julieqiu opened this issue Aug 1, 2022 · 2 comments
Assignees
@tatianab
Labels
excluded: NOT_IMPORTABLE This vulnerability only exists in a binary and is not importable.

Comments

@julieqiu
Copy link
Member

julieqiu commented Aug 1, 2022

In GitHub Security Advisory GHSA-5m8f-chrv-7rw5, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
github.com/ethereum/go-ethereum <= 1.10.9

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: github.com/ethereum/go-ethereum
    versions:
      - {}
description: 'Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a
    serial of messages and cannot be recovered. They will crash with "runtime error:
    invalid memory address or nil pointer dereference" and arise a SEGV signal.'
published: 2021-11-23T18:04:47Z
last_modified: 2021-11-24T19:38:54Z
cves:
  - CVE-2021-43668
ghsas:
  - GHSA-5m8f-chrv-7rw5
links:
    context:
      - https://github.com/advisories/GHSA-5m8f-chrv-7rw5
@tatianab tatianab assigned tatianab and unassigned tatianab Aug 4, 2022
@tatianab
Copy link
Contributor

tatianab commented Aug 9, 2022

Applies to command geth, not importable

@tatianab tatianab closed this as completed Aug 9, 2022
@neild neild added excluded: NOT_IMPORTABLE This vulnerability only exists in a binary and is not importable. and removed NotGoVuln NeedsTriage labels Aug 10, 2022
@GoVulnBot GoVulnBot mentioned this issue Sep 6, 2023
Closed
@GoVulnBot GoVulnBot mentioned this issue Oct 18, 2023
Closed
This was referenced May 6, 2024
Closed
Closed
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/592768 mentions this issue: data/reports: unexclude 50 reports

@GoVulnBot GoVulnBot mentioned this issue Jan 30, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tatianab tatianab

Labels
excluded: NOT_IMPORTABLE This vulnerability only exists in a binary and is not importable.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@neild @julieqiu @tatianab @gopherbot