CVE-2022-23328
HIGHGo-Ethereum - Denial of Service via High Gas Price Transaction Flood
Title source: llmDescription
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node's memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS).
References (4)
Core 4
Core References
Product x_refsource_misc
http://ethereum.com
Product x_refsource_misc
http://go-ethereum.com
Exploit, Mitigation, Technical Description, Third Party Advisory x_refsource_misc
https://tristartom.github.io/docs/ccs21.pdf
Exploit, Mitigation, Technical Description, Third Party Advisory x_refsource_misc
https://dl.acm.org/doi/pdf/10.1145/3460120.3485369
Scores
CVSS v3
7.5
EPSS
0.0185
EPSS Percentile
76.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (2)
ethereum/go-ethereum
0Go
ethereum/go_ethereum
Published
Mar 04, 2022
Tracked Since
Feb 18, 2026