PT-2018-15365 · Ethereum · Go-Ethereum
Lcatroo · Published 2018-12-24 · Updated 2019-10-03 · CVE-2018-20421
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Go Ethereum (aka geth) version 1.8.19
Description
The issue allows attackers to cause a denial of service due to memory consumption. This can be achieved by rewriting the length of a dynamic array in memory and then writing data to a single memory location with a large index number. An example of this exploit involves using assembly { mstore } followed by a c[0xC800000] = 0xFF assignment.
Recommendations
For Go Ethereum (aka geth) version 1.8.19, update to a newer version that contains a fix for this issue to prevent denial of service attacks.
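How large a memory request the write described above makes, and a limit check that refuses it before anything is allocated, as an added Go example; it is not geth's code or its fix. Assumed here: 32-byte array elements, the array pointer at 0x80, a 32 MiB cap and an 8,000,000 gas budget; the cost formula is the Yellow Paper's memory cost.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

const wordSize = 32 // EVM memory word, and the size of one uint256 element

var (
	errMemCap   = errors.New("memory expansion exceeds cap")
	errOutOfGas = errors.New("memory expansion exceeds gas left")
)

// requiredBytes returns the memory size (whole words) needed to store one
// word at element idx of an array whose length word is at base.
func requiredBytes(base, idx uint64) (uint64, bool) {
	if base > math.MaxUint64/4 || idx > math.MaxUint64/(4*wordSize) {
		return 0, false // offset arithmetic would overflow uint64
	}
	end := base + wordSize + idx*wordSize + wordSize
	return (end + wordSize - 1) / wordSize * wordSize, true
}

// memoryGas is the Yellow Paper memory cost 3*a + a*a/512 for a words.
func memoryGas(size uint64) uint64 {
	a := size / wordSize
	if a >= 1<<32 {
		return math.MaxUint64 // saturate instead of overflowing a*a
	}
	return 3*a + a*a/512
}

// checkWrite refuses the store before any allocation happens. It charges
// the full cost of the new size, ignoring memory already paid for.
func checkWrite(base, idx, gasLeft, capBytes uint64) error {
	size, ok := requiredBytes(base, idx)
	if !ok || size > capBytes {
		return errMemCap
	}
	if memoryGas(size) > gasLeft {
		return errOutOfGas
	}
	return nil
}

func main() {
	size, _ := requiredBytes(0x80, 0xC800000) // 0x80: assumed array pointer
	fmt.Println(size, memoryGas(size), checkWrite(0x80, 0xC800000, 8_000_000, 32<<20))
}
```

For the index in the description the single store needs 6,710,886,592 bytes of memory (about 6.25 GiB), which is why the check has to run before the allocation rather than after it.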
Exploit
Fix
Allocation of Resources Without Limits
Affected Products
Go-Ethereum