Filtered by vendor Ethereum
Subscriptions
Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-37450 | 1 Ethereum | 1 Go Ethereum | 2023-11-07 | 5.9 Medium |
| Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022. | ||||
| CVE-2023-42319 | 1 Ethereum | 1 Go Ethereum | 2023-10-25 | 7.5 High |
| Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic. | ||||
| CVE-2023-36980 | 1 Ethereum | 1 Blockchain | 2023-09-14 | 5.3 Medium |
| An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 cause the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold. | ||||
| CVE-2023-40591 | 1 Ethereum | 1 Go Ethereum | 2023-09-12 | 7.5 High |
| go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e, `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2022-1930 | 1 Ethereum | 1 Eth-account | 2023-07-24 | 7.5 High |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method | ||||
| CVE-2017-14457 | 1 Ethereum | 1 Ethereum Virtual Machine | 2023-01-30 | 8.2 High |
| An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send malicious a smart contract to trigger this vulnerability. | ||||
| CVE-2017-12119 | 1 Ethereum | 1 Cpp-ethereum | 2022-12-14 | 7.5 High |
| An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability. | ||||
| CVE-2017-12118 | 1 Ethereum | 1 Cpp-ethereum | 2022-12-14 | 8.1 High |
| An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability. | ||||
| CVE-2017-12117 | 1 Ethereum | 1 Cpp-ethereum | 2022-12-14 | 8.1 High |
| An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | ||||
| CVE-2017-12116 | 1 Ethereum | 1 Aleth | 2022-12-14 | 8.1 High |
| An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | ||||
| CVE-2017-12115 | 1 Ethereum | 1 Cpp-ethereum | 2022-12-14 | 8.1 High |
| An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. | ||||
| CVE-2017-12114 | 1 Ethereum | 1 Cpp-ethereum | 2022-12-14 | 6.8 Medium |
| An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | ||||
| CVE-2017-12113 | 1 Ethereum | 1 Cpp-ethereum | 2022-12-14 | 8.1 High |
| An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | ||||
| CVE-2017-12112 | 1 Ethereum | 1 Cpp-ethereum | 2022-12-14 | 8.1 High |
| An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | ||||
| CVE-2018-20421 | 1 Ethereum | 1 Go Ethereum | 2022-10-03 | N/A |
| Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory location with a large index number, as demonstrated by use of "assembly { mstore }" followed by a "c[0xC800000] = 0xFF" assignment. | ||||
| CVE-2022-29177 | 1 Ethereum | 1 Go Ethereum | 2022-06-06 | 5.9 Medium |
| Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack. | ||||
| CVE-2021-42219 | 1 Ethereum | 1 Go Ethereum | 2022-03-28 | 7.5 High |
| Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go. | ||||
| CVE-2022-23327 | 1 Ethereum | 1 Go Ethereum | 2022-03-17 | 7.5 High |
| A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service (DoS). | ||||
| CVE-2022-23328 | 1 Ethereum | 1 Go Ethereum | 2022-03-17 | 7.5 High |
| A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node's memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS). | ||||
| CVE-2021-43668 | 1 Ethereum | 1 Go Ethereum | 2021-11-23 | 5.5 Medium |
| Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference" and arise a SEGV signal. | ||||