{"id":"GHSA-mr7q-c9w9-wh4h","summary":"go-ethereum is vulnerable to DoS via malicious p2p message affecting a vulnerable node","details":"**Impact**\n\nA vulnerable node can be forced to shutdown/crash using a specially crafted message. \nMore details to be released later.\n\n**Credit**\n\nThis issue was reported to the Ethereum Foundation Bug Bounty Program by DELENE TCHIO ROMUALD.","aliases":["CVE-2026-22862","GO-2026-4315"],"modified":"2026-02-03T02:59:06.834692Z","published":"2026-01-13T21:55:12Z","database_specific":{"github_reviewed_at":"2026-01-13T21:55:12Z","github_reviewed":true,"nvd_published_at":"2026-01-13T21:15:54Z","severity":"HIGH","cwe_ids":["CWE-20"]},"references":[{"type":"WEB","url":"https://github.com/ethereum/go-ethereum/security/advisories/GHSA-mr7q-c9w9-wh4h"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22862"},{"type":"WEB","url":"https://github.com/ethereum/go-ethereum/commit/abeb78c647e354ed922726a1d719ac7bc64a07e2"},{"type":"PACKAGE","url":"https://github.com/ethereum/go-ethereum"}],"affected":[{"package":{"name":"github.com/ethereum/go-ethereum","ecosystem":"Go","purl":"pkg:golang/github.com/ethereum/go-ethereum"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.16.8"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-mr7q-c9w9-wh4h/GHSA-mr7q-c9w9-wh4h.json","last_known_affected_version_range":"\u003c= 1.16.7"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}]}