From 278042bdf25114783bc03f4e5918def5f1e63c18 Mon Sep 17 00:00:00 2001
From: Martin Holst Swende
Date: Wed, 11 May 2022 10:52:20 +0200
Subject: [PATCH] docs: update vulnerability info (#24857)
---
 docs/_vulnerabilities/vulnerabilities.json | 19 ++++++++++++++++++-
 .../vulnerabilities.json.minisig | 6 +++---
 2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/docs/_vulnerabilities/vulnerabilities.json b/docs/_vulnerabilities/vulnerabilities.json
index 8acefac878..bee0e66dd8 100644
--- a/docs/_vulnerabilities/vulnerabilities.json
+++ b/docs/_vulnerabilities/vulnerabilities.json
@@ -134,7 +134,7 @@
 "check": "(Geth\\/v1\\.10\\.(0|1|2|3|4|5|6|7)-.*)$"
 },
 {
- "name": "DoS via malicious `snap/1` request ",
+ "name": "DoS via malicious `snap/1` request",
 "uid": "GETH-2021-03",
 "summary": "A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer, via the snap/1 protocol. The crash can be triggered by sending a malicious snap/1 GetTrieNodes package.",
 "description": "The `snap/1` protocol handler contains two vulnerabilities related to the `GetTrieNodes` packet, which can be exploited to crash the node. Full details are available at the Github security [advisory](https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v)",
@@ -149,5 +149,22 @@
 "severity": "Medium",
 "CVE": "CVE-2021-41173",
 "check": "(Geth\\/v1\\.10\\.(0|1|2|3|4|5|6|7|8)-.*)$"
+ },
+ {
+ "name": "DoS via malicious p2p message",
+ "uid": "GETH-2022-01",
+ "summary": "A vulnerable node can crash via p2p messages sent from an attacker node, if running with non-default log options.",
+ "description": "A vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Full details are available at the Github security [advisory](https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5)",
+ "links": [
+ "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5",
+ "https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities",
+ "https://github.com/ethereum/go-ethereum/pull/24507"
+ ],
+ "introduced": "v1.10.0",
+ "fixed": "v1.10.17",
+ "published": "2022-05-11",
+ "severity": "Low",
+ "CVE": "CVE-2022-29177",
+ "check": "(Geth\\/v1\\.10\\.(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)-.*)$"
 }
 ]
diff --git a/docs/_vulnerabilities/vulnerabilities.json.minisig b/docs/_vulnerabilities/vulnerabilities.json.minisig
index 6b61983807..414b24def8 100644
--- a/docs/_vulnerabilities/vulnerabilities.json.minisig
+++ b/docs/_vulnerabilities/vulnerabilities.json.minisig
@@ -1,4 +1,4 @@
 untrusted comment: signature from minisign secret key
-RWQk7Lo5TQgd++1KS2a5zDfzIShMgTJkiv++9SEPG1JSAvSkq3MbNuYg/Rg0sAiRdfh7V4oBfKBL8sxlwoAq2MpKE19ezsluIwM=
-trusted comment: timestamp:1637656079 file:vulnerabilities.json
-Wazb+Xg21XNnbbx10OF0fDtlI27VhgJ5GfjmywnD3s3uJHFCC3CSRF14m75nSBelmvw4tHNZk1Apf3vBNvw0AQ==
+RWQk7Lo5TQgd+9DjD2nXoabMy0BkWSuMiePPOQ9rXlwzvjhRGzEtwPDK3YupbRT9/OmyykFLGHCzWTRKVtVfYqFHL07m0DOOnww=
+trusted comment: timestamp:1652258428 file:vulnerabilities.json
+jtud9mtIiBRWA+krlBf1WCHgRzkcuzeoe9YLjLfHLEUQosbs+Ru1oaxx+nhxmjKdSRFwhPy1yoV5j9+rw55yCg==
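Review bot: The new GETH-2022-01 entry in vulnerabilities.json names the triggering condition (non-default, high-verbosity logging) but gives an operator no interim mitigation, and its `check` pattern matches on the version string alone. Every v1.10.0–v1.10.16 node will therefore presumably be flagged whatever its log settings, so the entry text is the only place the condition can be conveyed. I would end `description` with a sentence such as `Nodes running with the default log verbosity are not affected; upgrade to v1.10.17 or later.`, which follows from the summary's own wording. The enumerated alternation does agree with `introduced` and `fixed`, though `([0-9]|1[0-6])` would be equivalent and harder to get wrong as the list grows. The enclosing array starts outside this hunk, so consistency with the earlier entries' wording could not be checked here.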