CVE-2020-26264
MEDIUM 6.5 | EPSS 0.49%
Denial of service in github.com/ethereum/go-ethereum
Published: 2021/6/29 | Modified: 2026/3/13

Description

### Impact

A DoS vulnerability can make a LES server crash via a malicious `GetProofsV2` request from a connected LES client.

### Patches

The vulnerability was patched in https://github.com/ethereum/go-ethereum/pull/21896.

### Workarounds

This vulnerability only concerns users who explicitly enable the `les` server; disabling `les` prevents the exploit. It can also be fixed by manually applying the patch in https://github.com/ethereum/go-ethereum/pull/21896.

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [go-ethereum](https://github.com/ethereum/go-ethereum)
* Email us at [[email protected]](mailto:[email protected])
Affected packages (2)
- Go/github.com/ethereum/go-ethereum: from 0, < 1.9.25
- Go/github.com/ethereum/go-ethereum: from 0, < 1.9.25
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-26264
- PATCH: https://github.com/ethereum/go-ethereum
- WEB: https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46
- WEB: https://github.com/ethereum/go-ethereum/pull/21896
- WEB: https://github.com/ethereum/go-ethereum/releases/tag/v1.9.25
- WEB: https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q
- WEB: https://pkg.go.dev/vuln/GO-2021-0063