{"id":"CVE-2018-19184","details":"cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode.","aliases":["GHSA-9h4h-8w5p-f28w","GO-2022-0814"],"modified":"2026-04-10T04:08:45.888107Z","published":"2018-11-12T02:29:00.357Z","related":["openSUSE-SU-2025:15424-1"],"references":[{"type":"EVIDENCE","url":"https://github.com/ethereum/go-ethereum/issues/18069"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ethereum/go-ethereum","events":[{"introduced":"0"},{"last_affected":"8bbe72075e4e16442c4e28d999edee12e294329e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.8.17"}]}}],"versions":["0.2.2","0.3.0","0.3.1","0.5.13","0.5.14","0.5.15","0.5.16","0.5.17","0.5.18","0.5.19","0.9.16","0.9.23","2","poc1","poc5-rc1","poc5-rc10","poc5-rc11","poc5-rc12","poc5-rc2","poc5-rc3","poc5-rc4","poc5-rc6","poc5-rc7","poc5-rc8","poc5-rc9","v0.8.4","v0.9.17","v0.9.18","v0.9.20","v0.9.21","v0.9.22","v0.9.23","v0.9.24","v0.9.25","v0.9.26","v0.9.28","v0.9.30","v0.9.32","v0.9.34","v0.9.34-1","v0.9.36","v0.9.38","v1.0.1","v1.5.0","v1.5.1","v1.5.2","v1.5.3","v1.5.4","v1.5.5","v1.5.6","v1.5.7","v1.5.8","v1.5.9","v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.6.4","v1.6.5","v1.6.6","v1.6.7","v1.7.0","v1.7.1","v1.7.2","v1.7.3","v1.8.0","v1.8.1","v1.8.10","v1.8.11","v1.8.12","v1.8.13","v1.8.14","v1.8.15","v1.8.16","v1.8.17","v1.8.2","v1.8.3","v1.8.4","v1.8.5","v1.8.6","v1.8.7","v1.8.8","v1.8.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19184.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}