CVE-2024-32972

{"id": "CVE-2024-32972", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-05-06T15:15:23.130", "references": [{"url": "https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15", "source": "security-advisories@github.com"}, {"url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards."}, {"lang": "es", "value": "go-ethereum (geth) es una implementaci\u00f3n de la capa de ejecuci\u00f3n golang del protocolo Ethereum. Antes de 13.01.15, se pod\u00eda hacer que un nodo vulnerable consumiera cantidades muy grandes de memoria al manejar mensajes p2p especialmente manipulados enviados desde un nodo atacante. La soluci\u00f3n se incluy\u00f3 en la versi\u00f3n geth `1.13.15` y posteriores."}], "lastModified": "2024-05-06T16:00:59.253", "sourceIdentifier": "security-advisories@github.com"}