Home > Vulnerability Database > CVE-2024-32972

Mend.io Vulnerability Database

CVE-2024-32972

Good to know:

Date: May 6, 2024

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version "1.13.15" and onwards.

Language: Go

Severity Score

7.5

Related Resources (6)

Url: https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15

Url: https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652

Url: https://github.com/advisories/GHSA-4xc9-8hmq-j652

Url: https://github.com/ethereum/go-ethereum

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-32972

Url: https://www.mend.io/vulnerability-database/CVE-2024-32972

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version github.com/ethereum/go-ethereum - v1.13.15

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-32972

Good to know:

Date: May 6, 2024

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?