github.com/ethereum/go-ethereum
Go · 20 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/ethereum/go-ethereum (page 1 of 1)
- CVE-2018-12018 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 1.8.11 · 2018-07-05
The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial…
- CVE-2018-16733 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 1.8.14 · 2018-09-08
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.
- CVE-2018-19184 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 1.8.14 · 2018-11-12
cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode.
- CVE-2020-26240 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 1.9.24 · 2020-11-25
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated earl…
- CVE-2020-26241 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 1.9.17 · 2020-11-25
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical ch…
- CVE-2020-26242 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 1.9.18 · 2020-11-25
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.
- CVE-2020-26264 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 1.9.25 · 2020-12-11
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES clie…
- CVE-2020-26265 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 1.9.20 · 2020-12-11
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept th…
- CVE-2021-39137 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 1.10.8 · 2021-08-24
go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further…
- CVE-2021-41173 · MEDIUM · CVSS 5.7 · EG 5.7 · ✓ Fixed in 1.10.9 · 2021-10-26
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to t…
- CVE-2021-42219 · HIGH · CVSS 7.5 · EG 7.5 · 2022-03-17
Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go.
- CVE-2021-43668 · MEDIUM · CVSS 5.5 · EG 5.5 · 2021-11-18
Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a series of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference" and raise a SEGV signal.
- CVE-2022-23327 · HIGH · CVSS 7.5 · EG 7.5 · 2022-03-04
A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a de…
- CVE-2022-23328 · HIGH · CVSS 7.5 · EG 7.5 · 2022-03-04
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of …
- CVE-2022-29177 · MEDIUM · CVSS 5.9 · EG 5.9 · ✓ Fixed in 1.10.17 · 2022-05-20
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent fr…
- CVE-2022-37450 · MEDIUM · CVSS 5.9 · EG 5.9 · 2022-08-05
Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (…
- CVE-2023-40591 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 1.12.1 · 2023-09-06
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix …
- CVE-2023-42319 · HIGH · CVSS 7.5 · EG 7.5 · 2023-10-18
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql e…
- CVE-2024-32972 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 1.13.15 · 2024-05-06
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attac…
- CVE-2025-24883 · HIGH · CVSS 8.7 · EG 0.0 · ✓ Fixed in 1.14.13 · 2025-01-30
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13.