Vulnerability Description
A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all pending transactions in a victim node's memory pool, causing a denial of service (DoS).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ethereum | Go Ethereum | <= 1.10.12 |
References
- http://ethereum.com (Broken Link, Not Applicable)
- http://go-ethereum.com (Broken Link)
- https://dl.acm.org/doi/pdf/10.1145/3460120.3485369 (Exploit, Mitigation, Technical Description)
- https://tristartom.github.io/docs/ccs21.pdf (Exploit, Mitigation, Technical Description)
FAQ
What is CVE-2022-23327?
CVE-2022-23327 is a vulnerability with a CVSS score of 7.5 (HIGH). A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a ...
How severe is CVE-2022-23327?
CVE-2022-23327 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-23327?
Check the references section above for vendor advisories and patch information. Affected products include: Ethereum Go Ethereum.