CVE-2025-24883

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-24883

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-24883.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-24883

Aliases

Downstream

SUSE-SU-2025:0429-1

openSUSE-SU-2025:14732-1

Related

Published

2025-01-30T15:58:10Z

Modified

2025-10-10T08:26:13.737879Z

Severity

8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

go-ethereum has a DoS via malicious p2p message

Details

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13.

References

Affected packages

Git / github.com/ethereum/go-ethereum

Affected ranges

Type: GIT
Repo: https://github.com/ethereum/go-ethereum
Events: Introduced

87246f3cbaf10f83f56bc4d45f0f3e36e83e71e9

Fixed

eb00f1694c9265f6909c19995a535eef246dcf1e

Affected versions

v1.*

v1.14.0

v1.14.10

v1.14.11

v1.14.12

v1.14.2

v1.14.3

v1.14.4

v1.14.5

v1.14.6

v1.14.7

v1.14.8

v1.14.9