CVE-2020-26264 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
In go-ethereum before version 1.9.25, a denial-of-service vulnerability can make a LES server crash via a malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users who explicitly enable the LES server; disabling LES prevents the exploit. The vulnerability was patched in version 1.9.25.
Group     Package      Affected  Fixed     Severity  Status  Ticket
AVG-1351  go-ethereum  1.9.24-2  1.9.25-1  Medium    Fixed
References
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q
https://github.com/ethereum/go-ethereum/pull/21896
https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46
Notes
Workaround
==========

This issue can be mitigated by disabling the LES server.