CVE-2018-12018

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-12018
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-12018.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-12018
Published
2018-07-05T02:29:00Z
Modified
2025-01-08T10:16:18.127643Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may trigger an access violation because of an integer signedness error in an array index. An attacker can cause a denial of service by sending a packet with a query.Skip value of -1, which crashes the vulnerable remote node immediately. The issue is also known as EPoD (Ethereum Packet of Death).

Affected packages

Git / github.com/ethereum/go-ethereum

Affected ranges

Type
GIT
Repo
https://github.com/ethereum/go-ethereum
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

0.*

0.2.2
0.3.0
0.3.1
0.5.13
0.5.14
0.5.15
0.5.16
0.5.17
0.5.18
0.5.19
0.9.16
0.9.23

Other

2
PoC6
poc1
poc5-rc1
poc5-rc10
poc5-rc11
poc5-rc12
poc5-rc2
poc5-rc3
poc5-rc4
poc5-rc6
poc5-rc7
poc5-rc8
poc5-rc9

v0.*

v0.6.0
v0.6.3
v0.6.4
v0.6.5
v0.6.5-1
v0.6.5-2
v0.6.6
v0.6.7
v0.6.8
v0.7.10
v0.7.10-broken
v0.7.11
v0.8.4
v0.8.4-1
v0.8.5
v0.8.5-2
v0.9.17
v0.9.18
v0.9.20
v0.9.21
v0.9.21.1
v0.9.22
v0.9.23
v0.9.24
v0.9.25
v0.9.26
v0.9.28
v0.9.30
v0.9.32
v0.9.34
v0.9.34-1
v0.9.36
v0.9.38
v0.9.39

v1.*

v1.0.1
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.5.9
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.8.0
v1.8.1
v1.8.10
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.8.8
v1.8.9