{"id":"GO-2021-0063","summary":"Nil pointer dereference via malicious RPC message in github.com/ethereum/go-ethereum","details":"Due to a nil pointer dereference, a maliciously crafted RPC message can cause a panic. If handling RPC messages from untrusted clients, this may be used as a denial of service vector.","aliases":["CVE-2020-26264","GHSA-r33q-22hv-j29q"],"modified":"2024-05-20T16:03:47Z","published":"2021-04-14T20:04:52Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0063","review_status":"REVIEWED"},"references":[{"type":"FIX","url":"https://github.com/ethereum/go-ethereum/pull/21896"},{"type":"FIX","url":"https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46"}],"affected":[{"package":{"name":"github.com/ethereum/go-ethereum","ecosystem":"Go","purl":"pkg:golang/github.com/ethereum/go-ethereum"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.9.25"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/ethereum/go-ethereum/les","symbols":["PrivateLightServerAPI.Benchmark","serverHandler.handleMsg"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2021-0063.json"}}],"schema_version":"1.7.3","credits":[{"name":"@zsfelfoldi"}]}