CVE-2023-40591

7.5 HIGH

📋 TL;DR

This vulnerability in go-ethereum (geth) allows attackers to send specially crafted P2P messages that cause vulnerable nodes to consume unbounded amounts of memory, potentially leading to denial of service. All Ethereum nodes running vulnerable geth versions are affected. The vulnerability can be exploited remotely without authentication.

💻 Affected Systems

Products:
  • go-ethereum (geth)
Versions: All versions before 1.12.1-stable
Operating Systems: All platforms running geth
Default Config Vulnerable: ⚠️ Yes
Notes: All geth nodes with P2P networking enabled are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete node crash and denial of service, potentially disrupting Ethereum network operations and causing financial losses for node operators.

🟠 Likely Case: Memory exhaustion leading to node instability, degraded performance, and eventual crash requiring manual restart.

🟢 If Mitigated: No impact if a patched version is running or if network controls prevent malicious P2P traffic.

🌐 Internet-Facing: HIGH - Attackers can exploit this remotely via P2P network without authentication.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they have network access to the node.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW - Attack involves sending specially crafted P2P messages.

No public exploit code available, but vulnerability details are public.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.12.1-stable and later (including 1.12.2-unstable)

Vendor Advisory: https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm

Restart Required: Yes

Instructions:

1. Stop the geth service.
2. Back up configuration and data.
3. Download and install geth v1.12.1 or later from official sources.
4. Restart the geth service.

🔧 Temporary Workarounds

No known workarounds

The vendor states there are no known workarounds for this vulnerability.

🧯 If You Can't Patch

  • Implement network segmentation to restrict P2P traffic to trusted nodes only
  • Monitor memory usage and restart nodes if abnormal consumption is detected

🔍 How to Verify

Check if Vulnerable:

Run the 'geth version' command. If the reported version is below 1.12.1, the node is vulnerable.

Check Version:

geth version

Verify Fix Applied:

Run 'geth version' and confirm version is 1.12.1 or higher.
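The version check above, written out as an added example that is not part of the advisory: it parses a `geth version` transcript and classifies the node against the 1.12.1 fix version. It assumes `geth version` prints a line of the form `Version: 1.12.0-stable`; the transcript embedded in the script is a constructed sample, not real node output. Versions are compared component by component, so 1.9.25 correctly sorts below 1.12.1, and a 1.12.1-unstable build is reported as unknown because the advisory names only 1.12.1-stable and 1.12.2-unstable as fixed.

```shell
#!/bin/sh
# Added example (not part of the advisory): parse `geth version` output and
# decide whether the node is below the 1.12.1 fix for CVE-2023-40591.
# Assumption: `geth version` prints a line like "Version: 1.12.0-stable".
FIXED_VERSION="1.12.1"

# Extract the dotted numeric part, e.g. "1.12.0" from "Version: 1.12.0-stable".
geth_version_from_output() {
    printf '%s\n' "$1" | sed -n 's/^Version: *\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Extract the build tag, e.g. "stable" or "unstable" (empty if absent).
geth_build_tag_from_output() {
    printf '%s\n' "$1" | sed -n 's/^Version: *[0-9.]*-\([A-Za-z]*\).*/\1/p' | head -n 1
}

# version_lt A B: exit 0 when dotted version A is numerically below B.
# Compares component by component so that 1.9.25 sorts before 1.12.1
# (a plain string comparison would get this wrong).
version_lt() {
    a=${1%%-*}; b=${2%%-*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        if [ "$a" = "$ai" ]; then a=''; else a=${a#*.}; fi
        if [ "$b" = "$bi" ]; then b=''; else b=${b#*.}; fi
        ai=${ai:-0}; bi=${bi:-0}
        [ "$ai" -lt "$bi" ] && return 0
        [ "$ai" -gt "$bi" ] && return 1
    done
    return 1
}

# Classify a `geth version` transcript: prints "vulnerable", "patched" or "unknown".
classify_geth_output() {
    ver=$(geth_version_from_output "$1")
    tag=$(geth_build_tag_from_output "$1")
    if [ -z "$ver" ]; then
        echo unknown        # no "Version:" line found
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo vulnerable     # numerically below 1.12.1
    elif [ "$ver" = "$FIXED_VERSION" ] && [ "$tag" = "unstable" ]; then
        echo unknown        # 1.12.1-unstable is a pre-release build; the advisory lists
                            # 1.12.1-stable and 1.12.2-unstable as fixed, so confirm by commit
    else
        echo patched
    fi
}

# Constructed sample transcript, shaped like `geth version` output on a 1.12.0 node.
SAMPLE_OUTPUT='Geth
Version: 1.12.0-stable
Architecture: amd64
Go Version: go1.20.3
Operating System: linux'

echo "sample node is: $(classify_geth_output "$SAMPLE_OUTPUT")"
# On a live host: classify_geth_output "$(geth version 2>/dev/null)"
```

An "unknown" result means the script could not decide from the version string alone; for development builds, compare the Git Commit line of `geth version` against the fix commit referenced in the vendor advisory.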

📡 Detection & Monitoring

Log Indicators:

  • Abnormal memory consumption patterns
  • Node crash logs
  • Out of memory errors in system logs

Network Indicators:

  • Unusual P2P traffic patterns
  • High volume of incoming P2P connections

SIEM Query:

(source="geth.log" AND ("out of memory" OR "panic" OR "fatal")) OR (source="system.log" AND process="geth" AND ("killed" OR "oom"))
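The two halves of the SIEM query above, applied with grep so the matching logic can be checked offline; this is an added example, not part of the advisory. The geth and system log lines embedded in the script are constructed samples (the kernel and systemd lines are shaped like real OOM-kill messages, but the hosts, PIDs and timestamps are invented), and a plain `grep -i geth` stands in for the query's `process="geth"` field.

```shell
#!/bin/sh
# Added example (not part of the advisory): the SIEM query's two branches
# expressed as grep filters, run over constructed sample log lines.

# Patterns mirror the query: geth log -> out of memory / panic / fatal;
# system log -> a geth process being killed or handled by the OOM killer.
GETH_PATTERN='out of memory|panic|fatal'
SYSTEM_PATTERN='killed|oom'

# Print geth.log lines that carry a memory-exhaustion indicator.
match_geth_log() {
    printf '%s\n' "$1" | grep -iE "$GETH_PATTERN" || true
}

# Print system-log lines that mention the geth process and a kill/OOM event.
match_system_log() {
    printf '%s\n' "$1" | grep -i 'geth' | grep -iE "$SYSTEM_PATTERN" || true
}

# Count matching lines; prints 0 (instead of grep's exit status 1) when none match.
count_geth_indicators() {
    printf '%s\n' "$1" | grep -ciE "$GETH_PATTERN" || true
}
count_system_indicators() {
    printf '%s\n' "$1" | grep -i 'geth' | grep -ciE "$SYSTEM_PATTERN" || true
}

# Constructed geth.log sample: normal sync chatter followed by a Go runtime OOM abort.
SAMPLE_GETH_LOG='INFO [08-24|09:59:50.000] Looking for peers                        peercount=24 tried=10 static=0
INFO [08-24|10:00:01.000] Imported new chain segment               number=17,999,999 hash=0xabc..def
WARN [08-24|10:00:03.000] Snapshot extension registration failed   peer=0a1b2c3d err="peer connected on snap without compatible eth support"
fatal error: runtime: out of memory
runtime stack:
runtime.throw({0x1a2b3c?, 0x0?})'

# Constructed system-log sample: one unrelated line, a kernel OOM kill of geth,
# the oom_reaper follow-up, and systemd reporting the unit died by signal.
SAMPLE_SYSTEM_LOG='Aug 24 09:59:00 node1 sshd[999]: Accepted publickey for ops from 10.0.0.5 port 51234
Aug 24 10:00:07 node1 kernel: Out of memory: Killed process 1234 (geth) total-vm:30000000kB
Aug 24 10:00:07 node1 kernel: oom_reaper: reaped process 1234 (geth), now anon-rss:0kB
Aug 24 10:00:07 node1 systemd[1]: geth.service: Main process exited, code=killed, status=9/KILL
Aug 24 10:00:07 node1 systemd[1]: geth.service: Failed with result: signal'

echo "geth.log indicators:   $(count_geth_indicators "$SAMPLE_GETH_LOG")"
echo "system.log indicators: $(count_system_indicators "$SAMPLE_SYSTEM_LOG")"
# Against live files (paths are assumptions): count_geth_indicators "$(cat /var/log/geth.log)"
```

Note that the geth.log branch fires on any "fatal" or "panic", not only memory-related ones, so alerts from this query need the memory-usage and network indicators above as corroboration before they are treated as evidence of this issue.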
