Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2021-41173

Good to know:

icon

Date: October 26, 2021

Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.

Language: Go

Severity Score

Related Resources (9)

https://github.com/ethereum/go-ethereum/pull/23657/commits/f1fd963a5a965e643e52fcf805a2a02a323c32b8
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v
https://nvd.nist.gov/vuln/detail/CVE-2021-41173
https://github.com/ethereum/go-ethereum/releases/tag/v1.10.9
https://pkg.go.dev/vuln/GO-2022-0256
https://github.com/ethereum/go-ethereum
https://github.com/ethereum/go-ethereum/commit/e40b37718326b8b4873b3b00a0db2e6c6d9ea738
https://github.com/ethereum/go-ethereum/pull/23801
https://www.mend.io/vulnerability-database/CVE-2021-41173

Severity Score

Weakness Type (CWE)

Improper Input Validation

CWE-20

Insufficient Information

NVD-CWE-noinfo

Top Fix

icon

Upgrade Version

Upgrade to version github.com/ethereum/go-ethereum - v1.10.9

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): SINGLE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us