cmd/geth: update testdata (vulncheck) (#29714)
This commit is contained in:
parent
871e55d93e
commit
61932e4710
32
cmd/geth/testdata/vcheck/vulnerabilities.json
vendored
32
cmd/geth/testdata/vcheck/vulnerabilities.json
vendored
@ -166,5 +166,37 @@
|
|||||||
"severity": "Low",
|
"severity": "Low",
|
||||||
"CVE": "CVE-2022-29177",
|
"CVE": "CVE-2022-29177",
|
||||||
"check": "(Geth\\/v1\\.10\\.(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)-.*)$"
|
"check": "(Geth\\/v1\\.10\\.(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)-.*)$"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "DoS via malicious p2p message",
|
||||||
|
"uid": "GETH-2023-01",
|
||||||
|
"summary": "A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node.",
|
||||||
|
"description": "The p2p handler spawned a new goroutine to respond to ping requests. By flooding a node with ping requests, an unbounded number of goroutines can be created, leading to resource exhaustion and potentially crash due to OOM.",
|
||||||
|
"links": [
|
||||||
|
"https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm",
|
||||||
|
"https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities"
|
||||||
|
],
|
||||||
|
"introduced": "v1.10.0",
|
||||||
|
"fixed": "v1.12.1",
|
||||||
|
"published": "2023-09-06",
|
||||||
|
"severity": "High",
|
||||||
|
"CVE": "CVE-2023-40591",
|
||||||
|
"check": "(Geth\\/v1\\.(10|11)\\..*)|(Geth\\/v1\\.12\\.0-.*)$"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "DoS via malicious p2p message",
|
||||||
|
"uid": "GETH-2024-01",
|
||||||
|
"summary": "A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node.",
|
||||||
|
"description": "A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. Full details will be available at the Github security [advisory](https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652)",
|
||||||
|
"links": [
|
||||||
|
"https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652",
|
||||||
|
"https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities"
|
||||||
|
],
|
||||||
|
"introduced": "v1.10.0",
|
||||||
|
"fixed": "v1.13.15",
|
||||||
|
"published": "2024-05-06",
|
||||||
|
"severity": "High",
|
||||||
|
"CVE": "CVE-2024-32972",
|
||||||
|
"check": "(Geth\\/v1\\.(10|11|12)\\..*)|(Geth\\/v1\\.13\\.\\d-.*)|(Geth\\/v1\\.13\\.1(0|1|2|3|4)-.*)$"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
Loading…
Reference in New Issue
Block a user