x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: CVE-2025-24883

[GoVulnBot]

Advisory CVE-2025-24883 references a vulnerability in the following Go modules:

Module
github.com/ethereum/go-ethereum

Description:
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13.

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-24883
• FIX: ethereum/go-ethereum@fa9a2ff
• WEB: GHSA-q26p-9cq4-7fc2

Cross references:

• github.com/ethereum/go-ethereum appears in 19 other report(s):
  • data/excluded/GO-2022-0555.yaml (x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-5m8f-chrv-7rw5 #555) NOT_IMPORTABLE
  • data/excluded/GO-2022-0581.yaml (x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-vmf7-hmh6-vv57 #581) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2022-0582.yaml (x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-vrcc-g6vj-mh5w #582) NOT_A_VULNERABILITY
  • data/excluded/GO-2022-0614.yaml (x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-pvx3-gm3c-gmpr #614) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2022-0941.yaml (x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-rqmg-hrg4-fm69 #941) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2127.yaml (x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-v9jh-j8px-98vq #2127) EFFECTIVELY_PRIVATE
  • data/reports/GO-2021-0063.yaml (dummy issue #63)
  • data/reports/GO-2021-0075.yaml (dummy issue #75)
  • data/reports/GO-2021-0105.yaml (dummy issue #105)
  • data/reports/GO-2022-0254.yaml (x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: CVE-2021-39137 #254)
  • data/reports/GO-2022-0256.yaml (x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: CVE-2021-41173 #256)
  • data/reports/GO-2022-0392.yaml (x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-m6gx-rhvj-fh52 #392)
  • data/reports/GO-2022-0456.yaml (x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: CVE-2022-29177 #456)
  • data/reports/GO-2022-0771.yaml (x/vulndb: potential Go vuln in github.com/binance-chain/tss-lib/ecdsa/keygen: GHSA-69v6-xc2j-r2jf #771)
  • data/reports/GO-2022-0775.yaml (x/vulndb: potential Go vuln in github.com/binance-chain/tss-lib/ecdsa/keygen: GHSA-v592-xf75-856p #775)
  • data/reports/GO-2022-0814.yaml (x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum/cmd/evm: GHSA-9h4h-8w5p-f28w #814)
  • data/reports/GO-2022-0871.yaml (x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum/eth: GHSA-qr2j-wrhx-4829 #871)
  • data/reports/GO-2023-2046.yaml (x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: CVE-2023-40591 #2046)
  • data/reports/GO-2024-2819.yaml (x/vulndb: potential Go vuln in github.com/ethereum/go-ethereum: GHSA-4xc9-8hmq-j652 #2819)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/ethereum/go-ethereum
      vulnerable_at: 1.14.13
summary: CVE-2025-24883 in github.com/ethereum/go-ethereum
cves:
    - CVE-2025-24883
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-24883
    - fix: https://github.com/ethereum/go-ethereum/commit/fa9a2ff8687ec9efe57b4b9833d5590d20f8a83f
    - web: https://github.com/ethereum/go-ethereum/security/advisories/GHSA-q26p-9cq4-7fc2
source:
    id: CVE-2025-24883
    created: 2025-01-30T17:01:25.162446187Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/646595 mentions this issue: data/reports: add 9 unreviewed reports