{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32972", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-04-22T15:14:59.165Z", "datePublished": "2024-05-06T14:26:19.510Z", "dateUpdated": "2024-08-02T02:27:53.323Z"}, "containers": {"cna": {"title": "go-ethereum denial of service via malicious p2p message", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652"}, {"name": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15", "tags": ["x_refsource_MISC"], "url": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15"}], "affected": [{"vendor": "ethereum", "product": "go-ethereum", "versions": [{"version": "< 1.13.15", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-06T14:26:19.510Z"}, "descriptions": [{"lang": "en", "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards."}], "source": {"advisory": "GHSA-4xc9-8hmq-j652", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32972", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-09T19:07:59.118874Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ethereum:go_ethereum:-:*:*:*:*:*:*:*"], "vendor": "ethereum", "product": "go_ethereum", "versions": [{"status": "affected", "version": "0", "lessThan": "1.13.15", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:50:49.796Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:27:53.323Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652"}, {"name": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652", "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15", "name": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:27:53.323Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32972", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-09T19:07:59.118874Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ethereum:go_ethereum:-:*:*:*:*:*:*:*"], "vendor": "ethereum", "product": "go_ethereum", "versions": [{"status": "affected", "version": "0", "lessThan": "1.13.15", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-09T19:04:42.612Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "go-ethereum denial of service via malicious p2p message", "source": {"advisory": "GHSA-4xc9-8hmq-j652", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ethereum", "product": "go-ethereum", "versions": [{"status": "affected", "version": "< 1.13.15"}]}], "references": [{"url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652", "name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15", "name": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-06T14:26:19.510Z"}}}, "cveMetadata": {"cveId": "CVE-2024-32972", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:27:53.323Z", "dateReserved": "2024-04-22T15:14:59.165Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-05-06T14:26:19.510Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards."}, {"lang": "es", "value": "go-ethereum (geth) es una implementaci\u00f3n de la capa de ejecuci\u00f3n golang del protocolo Ethereum. Antes de 13.01.15, se pod\u00eda hacer que un nodo vulnerable consumiera cantidades muy grandes de memoria al manejar mensajes p2p especialmente manipulados enviados desde un nodo atacante. La soluci\u00f3n se incluy\u00f3 en la versi\u00f3n geth `1.13.15` y posteriores."}], "id": "CVE-2024-32972", "lastModified": "2024-05-06T16:00:59.253", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-05-06T15:15:23.130", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15"}, {"source": "security-advisories@github.com", "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}