Vulnerability DatabaseCVE-2022-29177

CVE-2022-29177:
Ethereum Geth vulnerability analysis and mitigation

Overview

Go Ethereum (geth), the official Golang implementation of the Ethereum protocol, was found to contain a vulnerability (CVE-2022-29177) that could allow an attacker to crash nodes configured with high verbosity logging through specially crafted p2p messages. The vulnerability was discovered and reported by nrv via bounty@ethereum.org, affecting versions prior to 1.10.17, with the fix being implemented in version 1.10.17 (GitHub Advisory).

Technical details

The vulnerability stems from the implementation of disconnect reason handling in the p2p protocol. The issue was related to how disconnect reasons were stored, where other implementations used a single byte for storage. The vulnerability was assigned a CVSS v3.1 Base Score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility with high attack complexity and potential for high availability impact (NVD).

Impact

When exploited, the vulnerability could cause a denial of service (DoS) condition by crashing nodes that were configured with high verbosity logging. The impact was limited to availability, with no compromise to confidentiality or integrity of the affected systems (GitHub Advisory).

Mitigation and workarounds

The vulnerability was patched in Go Ethereum version 1.10.17 through PR #24507, which modified the DiscReason type to uint8. As a workaround, users can set the loglevel to the default level (INFO) to prevent exploitation of this vulnerability (GitHub Advisory).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

5.9

Score

Published May 20, 2022

Severity MEDIUM

CNA Score 5.9

Affected Technologies

Ethereum Geth

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 62

Exploitation Probability (EPSS) 0.4

Affected packages and libraries

github.com/ethereum/go-ethereum
cpe:2.3:a:ethereum:go_ethereum

Sources

GitHub Advisory Database
- GoLang Severity MEDIUMHas FixAdded at: May 10, 2023
NVD
- Windows Severity MEDIUMHas FixAdded at: Sep 16, 2024

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Ethereum Geth vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-24883	HIGH	8.7	Ethereum Geth	github.com/ethereum/go-ethereum	No	Yes	Jan 30, 2025
CVE-2024-32972	HIGH	7.5	Ethereum Geth	cpe:2.3:a:ethereum:go_ethereum	No	Yes	May 06, 2024
CVE-2023-42319	HIGH	7.5	Ethereum Geth	cpe:2.3:a:ethereum:go_ethereum	No	Yes	Oct 18, 2023
CVE-2023-40591	HIGH	7.5	Ethereum Geth	github.com/ethereum/go-ethereum	No	Yes	Sep 06, 2023
CVE-2022-37450	MEDIUM	5.9	Ethereum Geth	geth	No	Yes	Aug 05, 2022

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2022-29177: Ethereum Geth vulnerability analysis and mitigation