{"id":"CVE-2022-23328","details":"A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node's memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS).","aliases":["GHSA-vmf7-hmh6-vv57"],"modified":"2026-03-14T11:32:16.873658Z","published":"2022-03-04T12:15:07.930Z","references":[{"type":"WEB","url":"http://ethereum.com"},{"type":"WEB","url":"http://go-ethereum.com"},{"type":"EVIDENCE","url":"https://dl.acm.org/doi/pdf/10.1145/3460120.3485369"},{"type":"EVIDENCE","url":"https://tristartom.github.io/docs/ccs21.pdf"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23328.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}