Unknown · Go-Ethereum · CVE-2024-32972
**Name of the Vulnerable Software and Affected Versions**
go-ethereum (geth) versions prior to 1.13.15
**Description**
A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node, potentially resulting in a denial of service as the node runs out of memory. The attack involves establishing a peer connection to the victim and sending a malicious `GetBlockHeadersRequest` message with a `count` of `0` using the `ETH` protocol, which, due to an integer overflow, allows an attacker to bypass `maxHeadersServe` and request all headers from the latest block back to the genesis block.
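As an added illustration (not geth's code and not taken from the advisory), the Go snippet below models a reverse contiguous header query with an unsigned `count`: the naive range computation clamps `count` to a `maxHeadersServe`-style cap but never rejects `count == 0`, so `count-1` wraps around and the served range reaches all the way back to genesis, while the hardened version rejects a zero count before any arithmetic. The cap value and the function names are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
)

// maxHeadersServe mirrors the cap named in the advisory; the value is an
// illustrative constant for this example, not geth's actual setting.
const maxHeadersServe = 1024

// headerRangeNaive models a descending contiguous query: serve `count` headers
// starting at block `origin` and walking back toward genesis. The cap is
// applied, but count == 0 is never rejected, so `count-1` wraps to MaxUint64
// and the range collapses to "everything from origin down to block 0".
func headerRangeNaive(origin, count uint64) (first, last uint64) {
	if count > maxHeadersServe {
		count = maxHeadersServe // cap is bypassed for count == 0
	}
	last = origin - (count - 1) // unsigned wrap when count == 0
	if last > origin {          // walked past genesis: stop at block 0
		last = 0
	}
	return origin, last
}

// headerRangeSafe validates count before any arithmetic is done on it, so the
// cap is always effective and a zero count is rejected outright.
func headerRangeSafe(origin, count uint64) (first, last uint64, err error) {
	if count == 0 {
		return 0, 0, errors.New("invalid header request: count must be >= 1")
	}
	if count > maxHeadersServe {
		count = maxHeadersServe
	}
	if count-1 > origin { // not enough history: stop at genesis
		return origin, 0, nil
	}
	return origin, origin - (count - 1), nil
}

// served returns how many headers an inclusive descending range covers.
func served(first, last uint64) uint64 { return first - last + 1 }

func main() {
	f, l := headerRangeNaive(5_000_000, 0) // constructed sample: head at 5,000,000
	fmt.Printf("naive, count=0: %d headers served\n", served(f, l))
	if _, _, err := headerRangeSafe(5_000_000, 0); err != nil {
		fmt.Println("safe, count=0:", err)
	}
}
```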
**Recommendations**
For go-ethereum (geth) versions prior to 1.13.15, update to version 1.13.15 or later to resolve the issue. As a temporary workaround, consider restricting peer connections to trusted nodes to minimize the risk of exploitation. Avoid using the `GetBlockHeadersRequest` message with a `count` of `0` until the issue is resolved.