CVE-2021-41173

Name of the Vulnerable Software and Affected Versions Go Ethereum versions prior to 1.10.9

Description A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer, via the snap/1 protocol. The crash can be triggered by sending a malicious snap/1 GetTrieNodes package. In the trie.TryGetNode implementation, if the requested path is reached, the associated node will be returned, but the nilness is not checked, which can cause a panic.

Recommendations For versions prior to 1.10.9, upgrade to version 1.10.9 or apply the patch to resolve the issue. As a temporary workaround, consider restricting access to the snap/1 protocol to minimize the risk of exploitation.