CVSS 3.1 Score 7.5 of 10 (high)


Published Sep 6, 2023
Updated: Sep 12, 2023
CWE ID 400


CVE-2023-40591 is a vulnerability that affects the go-ethereum (geth) implementation of the Ethereum protocol. It allows an attacker to send specially crafted p2p messages to a vulnerable node, causing it to consume excessive amounts of memory. The fix for this vulnerability is included in geth version 1.12.1-stable and onwards, so users are advised to upgrade to mitigate the risk. There are no known workarounds for this vulnerability. The potential danger posed by this vulnerability is rated as high, with a base severity score of 7.5, as it can lead to resource exhaustion and impact the availability of affected systems.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-40591 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options