Vulnerability Description
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15
- https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652
- https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15
- https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652
FAQ
What is CVE-2024-32972?
CVE-2024-32972 is a vulnerability with a CVSS score of 7.5 (HIGH). go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially ...
How severe is CVE-2024-32972?
CVE-2024-32972 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-32972?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.