cmd/geth: update testdata (vulncheck) (ethereum#29714)

holiman · May 28, 2024 · 61932e4 · 61932e4
1 parent 871e55d
commit 61932e4
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/cmd/geth/testdata/vcheck/vulnerabilities.json b/cmd/geth/testdata/vcheck/vulnerabilities.json
@@ -166,5 +166,37 @@
     "severity": "Low",
     "CVE": "CVE-2022-29177",
     "check": "(Geth\\/v1\\.10\\.(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)-.*)$"
+  },
+  {
+    "name": "DoS via malicious p2p message",
+    "uid": "GETH-2023-01",
+    "summary": "A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node.",
+    "description": "The p2p handler spawned a new goroutine to respond to ping requests. By flooding a node with ping requests, an unbounded number of goroutines can be created, leading to resource exhaustion and potentially crash due to OOM.",
+    "links": [
+      "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm",
+      "https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities"
+    ],
+    "introduced": "v1.10.0",
+    "fixed": "v1.12.1",
+    "published": "2023-09-06",
+    "severity": "High",
+    "CVE": "CVE-2023-40591",
+    "check": "(Geth\\/v1\\.(10|11)\\..*)|(Geth\\/v1\\.12\\.0-.*)$"
+  },
+  {
+    "name": "DoS via malicious p2p message",
+    "uid": "GETH-2024-01",
+    "summary": "A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node.",
+    "description": "A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. Full details will be available at the Github security [advisory](https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652)",
+    "links": [
+      "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652",
+      "https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities"
+    ],
+    "introduced": "v1.10.0",
+    "fixed": "v1.13.15",
+    "published": "2024-05-06",
+    "severity": "High",
+    "CVE": "CVE-2024-32972",
+    "check": "(Geth\\/v1\\.(10|11|12)\\..*)|(Geth\\/v1\\.13\\.\\d-.*)|(Geth\\/v1\\.13\\.1(0|1|2|3|4)-.*)$"
   }
 ]