Home > Vulnerability Database > CVE-2023-42319

Mend.io Vulnerability Database

CVE-2023-42319

Date: October 18, 2023

Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic.

Language: Go

Severity Score

7.5

Related Resources (4)

Url: https://geth.ethereum.org/docs/fundamentals/security

Url: https://blog.mevsec.com/posts/geth-dos-with-graphql/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-42319

Url: https://www.mend.io/vulnerability-database/CVE-2023-42319

Severity Score

7.5

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-42319

Date: October 18, 2023

Language: Go

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?