Vulnerability Description
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions with a high gas price from a single account, each of which spends the account's full balance, to a victim Geth node. These transactions can evict every pending transaction already in the victim's memory pool and then occupy the pool so that no new transactions can enter it, resulting in a denial of service (DoS).
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ethereum | Go Ethereum | - |
Related Weaknesses (CWE)
References
- http://ethereum.com (Product)
- http://go-ethereum.com (Product)
- https://dl.acm.org/doi/pdf/10.1145/3460120.3485369 (Exploit, Mitigation, Technical Description)
- https://tristartom.github.io/docs/ccs21.pdf (Exploit, Mitigation, Technical Description)
FAQ
What is CVE-2022-23328?
CVE-2022-23328 is a vulnerability with a CVSS score of 7.5 (HIGH). A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions with a high gas price from a single account, each of which spends the account's full balance, to a victim Geth node, evicting the victim's pending transactions and occupying its memory pool so that no new transactions can enter, resulting in a denial of service (DoS).
How severe is CVE-2022-23328?
CVE-2022-23328 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2022-23328?
Check the references section above for vendor advisories and patch information. Affected products include: Ethereum Go Ethereum.