CVE-2022-23327

7.5 HIGH

📋 TL;DR

A design flaw in Go-Ethereum allows attacker nodes to flood victim nodes with specially crafted transaction messages, causing the victim's memory pool to be purged of pending transactions. This results in denial of service for Ethereum nodes running vulnerable versions. The vulnerability affects Go-Ethereum (Geth) clients before version 1.10.13.

💻 Affected Systems

Products:
  • Go-Ethereum (Geth)
Versions: All versions up to and including 1.10.12
Operating Systems: All platforms running Go-Ethereum
Default Config Vulnerable: ⚠️ Yes
Notes: All standard configurations of affected Go-Ethereum versions are vulnerable. The vulnerability exists in the transaction message handling logic.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete disruption of Ethereum node operations, preventing transaction processing and mining activities, potentially affecting blockchain network participation and consensus.

🟠

Likely Case

Temporary denial of service where victim nodes cannot process legitimate transactions until the attack stops and memory pool recovers.

🟢

If Mitigated

Minimal impact with proper network segmentation, rate limiting, and updated software.

🌐 Internet-Facing: HIGH - Ethereum nodes typically operate on public networks and are directly exposed to malicious actors.
🏢 Internal Only: MEDIUM - Internal nodes could still be targeted if attackers gain network access, but attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The attack requires network access to the target node but no authentication. Attack methodology is documented in academic papers and security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.10.13 and later

Vendor Advisory: https://github.com/ethereum/go-ethereum/releases/tag/v1.10.13

Restart Required: Yes

Instructions:

1. Stop the Go-Ethereum service.
2. Back up configuration and data.
3. Download and install Go-Ethereum 1.10.13 or later from the official repository.
4. Restart the service with the updated binary.

🔧 Temporary Workarounds

Transaction Pool Size Limitation

Platform: all

Reduce the transaction pool size to limit the impact of flooding attacks. The flags below only help if the values are lower than the node's current limits (check the txpool defaults in geth --help), and a smaller pool also evicts legitimate pending transactions sooner, so this reduces the blast radius rather than removing the flaw.

geth --txpool.globalslots 4096 --txpool.globalqueue 1024

Network Rate Limiting

Platform: linux

Implement network-level rate limiting for incoming peer connection attempts. The --syn match restricts the limit to new TCP connections; without it the limit also throttles packets on already established peer sessions and breaks them. Discovery traffic on UDP 30303 is not covered by these rules.

iptables -A INPUT -p tcp --dport 30303 --syn -m limit --limit 10/min --limit-burst 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 30303 --syn -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit peer connections to trusted nodes only
  • Monitor transaction pool metrics and implement alerting for abnormal memory pool purging events

🔍 How to Verify

Check if Vulnerable:

Run geth version | grep '^Version:' and compare the reported version: 1.10.12 or earlier is vulnerable.

Check Version:

geth version

Verify Fix Applied:

Run geth version | grep '^Version:' and confirm the reported version is 1.10.13 or later. Do not grep for the literal string '1.10.13': that check misses every later release.

📡 Detection & Monitoring

Log Indicators:

  • Sudden drops in pending transaction counts
  • Multiple 'txpool: dropping transaction' messages
  • Abnormal peer disconnections

Network Indicators:

  • High volume of transaction messages from single peer
  • Unusual patterns in P2P network traffic

SIEM Query:

source="geth.log" AND "txpool" AND ("dropping" OR "purge" OR "overflow")
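A small log-triage script that implements the indicators above, added here as an example rather than part of this advisory or of go-ethereum: it flags a sharp fall in the pending count between pool-status samples and any peer that produces a burst of 'dropping transaction' messages inside a short window. The sample lines are constructed, and the line layout and field names (pending=, peer=) are assumptions modelled on geth's log style, not its documented format.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(r"^(?P<lvl>\w+)\s+\[(?P<ts>[^\]]+)\]\s+(?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

SAMPLE_LOG = """\
INFO [11-10|12:00:00.000] Transaction pool status pending=4096 queued=512
WARN [11-10|12:00:01.000] txpool: dropping transaction hash=0xa1 peer=peerA
WARN [11-10|12:00:01.200] txpool: dropping transaction hash=0xa2 peer=peerA
WARN [11-10|12:00:01.400] txpool: dropping transaction hash=0xa3 peer=peerA
WARN [11-10|12:00:02.000] txpool: dropping transaction hash=0xb1 peer=peerB
INFO [11-10|12:00:05.000] Transaction pool status pending=12 queued=3
"""  # constructed sample: layout assumed from geth's "LEVEL [MM-DD|HH:MM:SS.mmm] msg k=v" style; ids are placeholders

def parse(text, year=2022):
    """Yield (timestamp, level, message, {key: value}) for each parseable line."""
    for line in text.splitlines():
        if m := LINE_RE.match(line):
            ts = datetime.strptime(f"{year}-{m['ts']}", "%Y-%m-%d|%H:%M:%S.%f")
            yield ts, m["lvl"], m["msg"], dict(KV_RE.findall(m["msg"]))

def pending_drops(records, ratio=0.5):
    """(ts, before, after) wherever pending fell by >= ratio between pool-status samples."""
    alerts, prev = [], None
    for ts, _, _, kv in records:
        if "pending" in kv:
            cur = int(kv["pending"])
            if prev and (prev - cur) / prev >= ratio:
                alerts.append((ts, prev, cur))
            prev = cur
    return alerts

def drop_bursts(records, window_s=5, threshold=3):
    """Peers with >= threshold 'dropping transaction' events inside any window_s-second span."""
    by_peer = defaultdict(list)
    for ts, _, msg, kv in records:
        if "dropping transaction" in msg and "peer" in kv:
            by_peer[kv["peer"]].append(ts)
    noisy = {}
    for peer, times in by_peer.items():
        times.sort()
        start = 0  # sliding window over this peer's event times
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                noisy[peer] = max(noisy.get(peer, 0), end - start + 1)
    return noisy
```

Tune ratio, window_s and threshold against a baseline from your own node before alerting on them; a busy node drops underpriced transactions routinely, and only the per-peer concentration and the collapse of the pending count together point at flooding.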

🔗 References
