From d92bb76dcd0cccdbe6af95fc2a0eb88c3e967084 Mon Sep 17 00:00:00 2001
From: Martin Holst Swende
Date: Wed, 6 Sep 2023 13:01:56 +0200
Subject: [PATCH] docs: vulnerabilities update (#28065) (#28067)
---
 public/docs/vulnerabilities/vulnerabilities.json | 16 ++++++++++++++++
 .../vulnerabilities/vulnerabilities.json.minisig | 6 +++---
 2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/public/docs/vulnerabilities/vulnerabilities.json b/public/docs/vulnerabilities/vulnerabilities.json
index bee0e66dd8..4aabc7b938 100644
--- a/public/docs/vulnerabilities/vulnerabilities.json
+++ b/public/docs/vulnerabilities/vulnerabilities.json
@@ -166,5 +166,21 @@
 "severity": "Low",
 "CVE": "CVE-2022-29177",
 "check": "(Geth\\/v1\\.10\\.(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)-.*)$"
+ },
+ {
+ "name": "DoS via malicious p2p message",
+ "uid": "GETH-2023-01",
+ "summary": "A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node.",
+ "description": "A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. Full details will be available at the Github security [advisory](https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm)",
+ "links": [
+ "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm",
+ "https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities"
+ ],
+ "introduced": "v1.10.0",
+ "fixed": "v1.12.1",
+ "published": "2023-09-06",
+ "severity": "High",
+ "CVE": "CVE-2023-40591 ",
+ "check": "(Geth\\/v1\\.(10|11)\\..*)|(Geth\\/v1\\.12\\.0-.*)$"
 }
 ]
diff --git a/public/docs/vulnerabilities/vulnerabilities.json.minisig b/public/docs/vulnerabilities/vulnerabilities.json.minisig
index 414b24def8..04bf2f0386 100644
--- a/public/docs/vulnerabilities/vulnerabilities.json.minisig
+++ b/public/docs/vulnerabilities/vulnerabilities.json.minisig
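Review bot: In the vulnerabilities.json hunk, the added GETH-2023-01 entry stores its CVE id with a trailing space inside the string (`"CVE": "CVE-2023-40591 "`), so a consumer that compares or looks up the id exactly will not match it; the line should read `"CVE": "CVE-2023-40591",`. Because vulnerabilities.json is covered by the accompanying .minisig signature, correcting it means re-signing the file in the same change. In the new `check` pattern the trailing `$` binds only to the second alternative and neither alternative is anchored at the start; this looks harmless for the listed versions and matches the existing entry above, but wrapping the whole alternation in one group would make the intent explicit. The `description` also repeats the summary, with a stray comma after "A vulnerable node".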
@@ -1,4 +1,4 @@
 untrusted comment: signature from minisign secret key
-RWQk7Lo5TQgd+9DjD2nXoabMy0BkWSuMiePPOQ9rXlwzvjhRGzEtwPDK3YupbRT9/OmyykFLGHCzWTRKVtVfYqFHL07m0DOOnww=
-trusted comment: timestamp:1652258428 file:vulnerabilities.json
-jtud9mtIiBRWA+krlBf1WCHgRzkcuzeoe9YLjLfHLEUQosbs+Ru1oaxx+nhxmjKdSRFwhPy1yoV5j9+rw55yCg==
+RWQk7Lo5TQgd+yNUDg5S/P8bgddJ1c/pzV2keGeTxMlRTXxQjn5H66khm06OrodLkmNm9jgLYiJ5GRt+C1CmwHty8U/xI+6WhwY=
+trusted comment: timestamp:1693984324 file:vulnerabilities.json
+cfrt9ByMEn+s2BcMmtsS5AUNlTkhhU0rI0t5ggBPW8oT0tlkXYbsBrdlBvlPyOH3NJQNlbEYRb5Dq1XrQnd0BA==