CVE-2021-41173: Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.
CVE-2021-43668: Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference" and arise a SEGV signal.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30fa6ec820e60f600f2ed0b50e32104886271db4 commit 30fa6ec820e60f600f2ed0b50e32104886271db4 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-12-24 04:01:59 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-12-24 04:01:59 +0000 net-p2p/go-ethereum: drop 1.10.2, 1.10.3, 1.10.8 Bug: https://bugs.gentoo.org/820380 Signed-off-by: Sam James <sam@gentoo.org> net-p2p/go-ethereum/Manifest | 163 ------ net-p2p/go-ethereum/go-ethereum-1.10.2.ebuild | 758 -------------------------- net-p2p/go-ethereum/go-ethereum-1.10.3.ebuild | 656 ---------------------- net-p2p/go-ethereum/go-ethereum-1.10.8.ebuild | 705 ------------------------ 4 files changed, 2282 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b767f880c3b124bd50dd2b7e019ce783f49aa36 commit 1b767f880c3b124bd50dd2b7e019ce783f49aa36 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-12-24 04:01:38 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-12-24 04:01:38 +0000 net-p2p/go-ethereum: add 1.10.14 Bug: https://bugs.gentoo.org/820380 Closes: https://bugs.gentoo.org/825398 Signed-off-by: Sam James <sam@gentoo.org> net-p2p/go-ethereum/Manifest | 27 + net-p2p/go-ethereum/go-ethereum-1.10.14.ebuild | 717 +++++++++++++++++++++++++ 2 files changed, 744 insertions(+)