CVE-2021-42219

7.5 HIGH

📋 TL;DR

CVE-2021-42219 is a denial-of-service vulnerability in Go-Ethereum where attackers can crash nodes by sending excessive messages due to missing memory management in the ethash algorithm component. This affects anyone running vulnerable Go-Ethereum nodes, particularly miners and network participants. The vulnerability allows resource exhaustion attacks without requiring authentication.

💻 Affected Systems

Products:
  • Go-Ethereum (geth)
Versions: v1.10.9 specifically
Operating Systems: All platforms running Go-Ethereum
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects nodes running the vulnerable version; clients not participating in mining/validation may be less affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete node crash leading to network partition, transaction processing halt, and potential chain synchronization issues for affected nodes.

🟠 Likely Case: Temporary node unavailability requiring restart, causing missed blocks for miners and transaction delays for users.

🟢 If Mitigated: Minimal impact with proper network segmentation, rate limiting, and monitoring in place to detect and block excessive message traffic.

🌐 Internet-Facing: HIGH - Nodes exposed to the internet are directly vulnerable to remote DoS attacks from any network source.
🏢 Internal Only: MEDIUM - Internal nodes are still vulnerable to attacks from compromised internal systems or malicious insiders.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires sending crafted messages to vulnerable nodes; no authentication needed. Simple scripts could exploit this.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.10.10 and later

Vendor Advisory: https://github.com/ethereum/go-ethereum/releases/tag/v1.10.10

Restart Required: Yes

Instructions:

1. Stop the geth service.
2. Back up configuration and data.
3. Download and install geth v1.10.10 or later.
4. Restart the geth service with appropriate configuration.

🔧 Temporary Workarounds

Network Rate Limiting

Implement network-level rate limiting to restrict incoming message volume:

# Rate-limit inbound packets on geth's default P2P port (TCP 30303).
# These rules count every packet, so sync traffic from established, legitimate
# peers is throttled too once the limit is hit; tune the limit to the node's
# normal traffic. Peer discovery runs over UDP 30303, which these rules do not cover.
iptables -A INPUT -p tcp --dport 30303 -m limit --limit 50/second --limit-burst 100 -j ACCEPT
iptables -A INPUT -p tcp --dport 30303 -j DROP

Firewall Restrictions

Restrict inbound node access to trusted peers only:

# Allow TCP 30303 only from trusted peer addresses; repeat the ACCEPT line for
# each address, replacing trusted_ip with the real source address. The node still
# dials outbound peers itself, so this limits inbound exposure only.
iptables -A INPUT -p tcp --dport 30303 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 30303 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit node exposure
  • Deploy monitoring and alerting for abnormal message rates or node crashes

🔍 How to Verify

Check if Vulnerable:

Run geth version; a match on the following command indicates the vulnerable release (the output line looks like "Version: 1.10.9-stable"):

geth version | grep 'Version: 1.10.9'

Check Version:

geth version

Verify Fix Applied:

Verify geth version is 1.10.10 or later. The pattern below matches 1.10.10 and up, 1.11 and up, and 2.x and later, but not 1.10.9 (a pattern like '1.[1-9][0-9]+' would wrongly match the "1.10" prefix of 1.10.9):

geth version | grep -E 'Version: (1\.10\.[1-9][0-9]+|1\.(1[1-9]|[2-9][0-9])\.|[2-9][0-9]*\.)'

📡 Detection & Monitoring

Log Indicators:

  • Excessive 'panic' or 'fatal' errors in geth logs
  • Sudden node termination without normal shutdown messages
  • High memory usage spikes before crash

Network Indicators:

  • Unusually high inbound message rates on port 30303
  • Multiple connection attempts from single sources
  • Abnormal P2P protocol traffic patterns

SIEM Query:

(source="geth.log" ("panic" OR "fatal") AND "ethash") OR (source="firewall" dest_port=30303 AND rate_threshold>50)

The parentheses make the two alert conditions explicit; rate_threshold is a placeholder for whatever per-second rate field the SIEM computes, with 50 per second as the threshold.
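Added example (not from this advisory or the go-ethereum project) that covers both the version check above and the log indicators in this section: it parses the output of geth version with a tuple compare, so 1.10.9 cannot be mistaken for 1.10.10 or 1.1.x, and counts the listed crash indicators over constructed log lines. The version regex and the "shutting down" interrupt message are assumptions about geth's output format.

```python
import re

VULNERABLE = (1, 10, 9)   # release the advisory names as affected
FIXED = (1, 10, 10)       # first release with the fix, per the advisory
VERSION_RE = re.compile(r"^Version:\s*(\d+)\.(\d+)\.(\d+)", re.MULTILINE)

def parse_geth_version(output):
    """Parse (major, minor, patch) from `geth version` output; '-stable'/commit suffix ignored."""
    m = VERSION_RE.search(output)
    if m is None:
        raise ValueError("no 'Version:' line in geth output")
    return tuple(int(g) for g in m.groups())

def is_affected(version):
    """True for the release the advisory names (tuple compare, not a loose grep)."""
    return tuple(version) == VULNERABLE

def fix_applied(version):
    """True when the running release is at or past the patched release."""
    return tuple(version) >= FIXED

# Log indicators from the advisory: panic/fatal lines, ethash frames, and an
# abrupt end with no shutdown message (assumed to say "shutting down").
PANIC_RE = re.compile(r"\b(panic|fatal)\b", re.IGNORECASE)
SHUTDOWN_RE = re.compile(r"shutting down", re.IGNORECASE)

def scan_geth_log(lines):
    """Count crash indicators over log lines; suspect_crash is the
    combination worth alerting on: a panic with no clean shutdown."""
    panics = ethash = 0
    clean_shutdown = False
    for line in lines:
        panics += bool(PANIC_RE.search(line))
        ethash += "ethash" in line
        clean_shutdown |= bool(SHUTDOWN_RE.search(line))
    return {"panic_lines": panics, "ethash_lines": ethash,
            "clean_shutdown": clean_shutdown,
            "suspect_crash": panics > 0 and not clean_shutdown}

# Constructed lines in geth / Go-panic style, not a real capture.
SAMPLE_LOG = """INFO [10-12|14:03:20.100] Looking for peers    peercount=25
panic: runtime error: invalid memory address or nil pointer dereference
goroutine 1337 [running]:
github.com/ethereum/go-ethereum/consensus/ethash.(*Ethash).VerifyHeader(...)"""

if __name__ == "__main__":
    v = parse_geth_version("Geth\nVersion: 1.10.9-stable\nGit Commit: abc123\n")
    print("affected:", is_affected(v), "fix applied:", fix_applied(v))
    print(scan_geth_log(SAMPLE_LOG.splitlines()))
```

Feed it the real output of geth version and the node's log file to get the same checks the grep commands above perform, without the version-prefix pitfall.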
