Skip to main content

Improper Input Validation

CVE-2021-41173

Severity Medium
Score 5.7/10

Summary

Go Ethereum is the official Golang implementation of the Ethereum protocol. Between version 1.10.0 and 1.10.8, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • REQUIRED
  • LOW
  • NONE
  • HIGH

CWE-20 - Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Advisory Timeline

  • Published