CVE-2022-29177

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Go Ethereum versions prior to 1.10.17

Description A vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node.

Recommendations For versions prior to 1.10.17, update to version 1.10.17 to resolve the issue. As a temporary workaround, setting loglevel to default level (INFO) makes the node not vulnerable to this attack.

Exploit

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2022-29177

GHSA-WJXW-GH3M-7PM5

GO-2022-0456

OPENSUSE-SU-2025:15424-1

Affected Products

Go-Ethereum

CVE-2022-29177

Weakness Enumeration

Related Identifiers

Affected Products

References · 54