x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-4xc9-8hmq-j652

[GoVulnBot]

In GitHub Security Advisory GHSA-4xc9-8hmq-j652, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/ethereum/go-ethereum	1.13.15	< 1.13.15

Cross references:

• Module github.com/ethereum/go-ethereum appears in issue x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-m6gx-rhvj-fh52 #392 EFFECTIVELY_PRIVATE
• Module github.com/ethereum/go-ethereum appears in issue x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: CVE-2022-29177 #456 EFFECTIVELY_PRIVATE
• Module github.com/ethereum/go-ethereum appears in issue x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-5m8f-chrv-7rw5 #555 NOT_IMPORTABLE
• Module github.com/ethereum/go-ethereum appears in issue x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-vmf7-hmh6-vv57 #581 EFFECTIVELY_PRIVATE
• Module github.com/ethereum/go-ethereum appears in issue x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-vrcc-g6vj-mh5w #582 NOT_A_VULNERABILITY
• Module github.com/ethereum/go-ethereum appears in issue x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-pvx3-gm3c-gmpr #614 EFFECTIVELY_PRIVATE
• Module github.com/ethereum/go-ethereum appears in issue x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum/cmd/evm: GHSA-9h4h-8w5p-f28w #814 NOT_IMPORTABLE
• Module github.com/ethereum/go-ethereum appears in issue x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum/eth: GHSA-qr2j-wrhx-4829 #871 NOT_IMPORTABLE
• Module github.com/ethereum/go-ethereum appears in issue x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-rqmg-hrg4-fm69 #941 EFFECTIVELY_PRIVATE
• Module github.com/ethereum/go-ethereum appears in issue x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-v9jh-j8px-98vq #2127 EFFECTIVELY_PRIVATE
• Module github.com/ethereum/go-ethereum appears in issue dummy issue #63
• Module github.com/ethereum/go-ethereum appears in issue dummy issue #75
• Module github.com/ethereum/go-ethereum appears in issue dummy issue #105
• Module github.com/ethereum/go-ethereum appears in issue x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: CVE-2021-39137 #254
• Module github.com/ethereum/go-ethereum appears in issue x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: CVE-2021-41173 #256
• Module github.com/ethereum/go-ethereum appears in issue x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: CVE-2023-40591 #2046

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/ethereum/go-ethereum
      versions:
        - fixed: 1.13.15
      vulnerable_at: 1.13.14
      packages:
        - package: github.com/ethereum/go-ethereum
summary: go-ethereum vulnerable to DoS via malicious p2p message in github.com/ethereum/go-ethereum
cves:
    - CVE-2024-32972
ghsas:
    - GHSA-4xc9-8hmq-j652
references:
    - advisory: https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652
    - web: https://github.com/ethereum/go-ethereum/compare/v1.13.14...v1.13.15
    - advisory: https://github.com/advisories/GHSA-4xc9-8hmq-j652
source:
    id: GHSA-4xc9-8hmq-j652

[gopherbot]

Change https://go.dev/cl/584157 mentions this issue: data/reports: add GO-2024-2819.yaml