CVE-2018-16733

Name of the Vulnerable Software and Affected Versions Go Ethereum versions prior to 1.8.14

Description The issue arises from improper input validation in the TraceChain function within the eth/api tracer.go file. Specifically, it does not verify that the end block is after the start block. This affects the github.com/ethereum/go-ethereum/eth package.

Recommendations For versions prior to 1.8.14, update to version 1.8.14 or later to resolve the issue. As a temporary workaround, consider validating block ranges manually to ensure the end block is after the start block until a patch is applied. Restrict access to the TraceChain function in the eth/api tracer.go file to minimize the risk of exploitation.