x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: CVE-2022-29177

[jba]

CVE-2022-29177 references github.com/ethereum/go-ethereum, which may be a Go module.

Description:
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (INFO) makes the node not vulnerable to this attack.

Links:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-29177
• JSON: https://github.com/CVEProject/cvelist/tree/b8a30d97c5e13a4b31879847714ee1223fb905c2/2022/29xxx/CVE-2022-29177.json
• PR: p2p: define DiscReason as uint8 ethereum/go-ethereum#24507
• GHSA-wjxw-gh3m-7pm5

See doc/triage.md for instructions on how to triage this report.

module: github.com/ethereum/go-ethereum
package: go-ethereum
description: |
    Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack.
cves:
  - CVE-2022-29177
links:
    pr: https://github.com/ethereum/go-ethereum/pull/24507
    context:
      - https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5