LES Server DoS via GetProofsV2

Impact

A DoS vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client.

Patches

The vulnerability was patched in #21896.

Workarounds

This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit.
It can also be patched by manually applying the patch in #21896.

For more information

If you have any questions or comments about this advisory:

Open an issue in go-ethereum
Email us at security@ethereum.org

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

LES Server DoS via GetProofsV2

Package

Affected versions

Patched versions

Description

Impact

Patches

Workarounds

For more information

Severity

CVE ID

Weaknesses

Credits