From 4882133cd80201b57d47c58d864307140afef489 Mon Sep 17 00:00:00 2001
From: Martin Holst Swende
Date: Wed, 6 Sep 2023 09:31:11 +0200
Subject: [PATCH] docs: vulnerabilities update (#28065)
---
 docs/_vulnerabilities/vulnerabilities.json | 16 ++++++++++++++++
 .../vulnerabilities.json.minisig | 6 +++---
 2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/docs/_vulnerabilities/vulnerabilities.json b/docs/_vulnerabilities/vulnerabilities.json
index bee0e66dd8e5..4aabc7b93805 100644
--- a/docs/_vulnerabilities/vulnerabilities.json
+++ b/docs/_vulnerabilities/vulnerabilities.json
@@ -166,5 +166,21 @@
 "severity": "Low",
 "CVE": "CVE-2022-29177",
 "check": "(Geth\\/v1\\.10\\.(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)-.*)$"
+ },
+ {
+ "name": "DoS via malicious p2p message",
+ "uid": "GETH-2023-01",
+ "summary": "A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node.",
+ "description": "A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. Full details will be available at the Github security [advisory](https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm)",
+ "links": [
+ "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm",
+ "https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities"
+ ],
+ "introduced": "v1.10.0",
+ "fixed": "v1.12.1",
+ "published": "2023-09-06",
+ "severity": "High",
+ "CVE": "CVE-2023-40591 ",
+ "check": "(Geth\\/v1\\.(10|11)\\..*)|(Geth\\/v1\\.12\\.0-.*)$"
 }
 ]
diff --git a/docs/_vulnerabilities/vulnerabilities.json.minisig b/docs/_vulnerabilities/vulnerabilities.json.minisig
index 414b24def860..04bf2f03865e 100644
--- a/docs/_vulnerabilities/vulnerabilities.json.minisig
+++ b/docs/_vulnerabilities/vulnerabilities.json.minisig
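Review bot: The added `CVE` value in the GETH-2023-01 entry ends with a space inside the string (`"CVE": "CVE-2023-40591 "`), so a consumer that compares or looks up the identifier exactly will not match it; it should read `"CVE": "CVE-2023-40591"`. In the new `check` pattern the trailing `$` binds only to the second alternative because `|` has the lowest precedence; that is harmless here since the first alternative ends in `.*`, but a single group, `"check": "(Geth\\/v1\\.(10|11)\\..*|Geth\\/v1\\.12\\.0-.*)$"`, would follow the form of the existing entry above it. The `description` also repeats the summary with a stray comma after "A vulnerable node". Because `vulnerabilities.json.minisig` signs the exact bytes of this file, any of these corrections has to be shipped together with a regenerated signature, otherwise verification of the list will fail.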
@@ -1,4 +1,4 @@
 untrusted comment: signature from minisign secret key
-RWQk7Lo5TQgd+9DjD2nXoabMy0BkWSuMiePPOQ9rXlwzvjhRGzEtwPDK3YupbRT9/OmyykFLGHCzWTRKVtVfYqFHL07m0DOOnww=
-trusted comment: timestamp:1652258428 file:vulnerabilities.json
-jtud9mtIiBRWA+krlBf1WCHgRzkcuzeoe9YLjLfHLEUQosbs+Ru1oaxx+nhxmjKdSRFwhPy1yoV5j9+rw55yCg==
+RWQk7Lo5TQgd+yNUDg5S/P8bgddJ1c/pzV2keGeTxMlRTXxQjn5H66khm06OrodLkmNm9jgLYiJ5GRt+C1CmwHty8U/xI+6WhwY=
+trusted comment: timestamp:1693984324 file:vulnerabilities.json
+cfrt9ByMEn+s2BcMmtsS5AUNlTkhhU0rI0t5ggBPW8oT0tlkXYbsBrdlBvlPyOH3NJQNlbEYRb5Dq1XrQnd0BA==