Nixpkgs security tracker

Permalink CVE-2026-26313

created 1 month, 4 weeks ago

Go Ethereum affected by DoS via malicious p2p message

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release.

References

https://github.com/ethereum/go-ethereum/security/advisories/GHSA-689v-6xwf-5jf3 x_refsource_CONFIRM
https://github.com/ethereum/go-ethereum/releases/tag/v1.17.0 x_refsource_MISC

Affected products

go-ethereum

==< 1.17.0

Matching in nixpkgs

pkgs.go-ethereum

Official golang implementation of the Ethereum protocol

nixos-unstable 1.16.8
- nixpkgs-unstable 1.16.8
- nixos-unstable-small 1.16.8
nixos-25.11 1.16.5
- nixos-25.11-small 1.16.5
- nixpkgs-25.11-darwin 1.16.5

Package maintainers

@RaghavSood Raghav Sood <r@raghavsood.com>
@asymmetric Lorenzo Manacorda <lorenzo@mailbox.org>

Permalink CVE-2026-26314

created 1 month, 4 weeks ago

Go Ethereum affected by DoS via malicious p2p message

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth.

References

https://github.com/ethereum/go-ethereum/security/advisories/GHSA-2gjw-fg97-vg3r x_refsource_CONFIRM
https://github.com/ethereum/go-ethereum/commit/895a8597cb16c02203e38707ed2d1da5c500fe60 x_refsource_MISC
https://github.com/ethereum/go-ethereum/releases/tag/v1.16.9 x_refsource_MISC

Affected products

go-ethereum

==< 1.16.9

Matching in nixpkgs

pkgs.go-ethereum

Official golang implementation of the Ethereum protocol

nixos-unstable 1.16.8
- nixpkgs-unstable 1.16.8
- nixos-unstable-small 1.16.8
nixos-25.11 1.16.5
- nixos-25.11-small 1.16.5
- nixpkgs-25.11-darwin 1.16.5

Package maintainers

@RaghavSood Raghav Sood <r@raghavsood.com>
@asymmetric Lorenzo Manacorda <lorenzo@mailbox.org>

Permalink CVE-2026-26315

created 1 month, 4 weeks ago

Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake

go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth. Geth maintainers recommend rotating the node key after applying the upgrade, which can be done by removing the file `<datadir>/geth/nodekey` before starting Geth.

References

https://github.com/ethereum/go-ethereum/security/advisories/GHSA-m6j8-rg6r-7mv8 x_refsource_CONFIRM

Affected products

go-ethereum

==< 1.16.9

Matching in nixpkgs

pkgs.go-ethereum

Official golang implementation of the Ethereum protocol

nixos-unstable 1.16.8
- nixpkgs-unstable 1.16.8
- nixos-unstable-small 1.16.8
nixos-25.11 1.16.5
- nixos-25.11-small 1.16.5
- nixpkgs-25.11-darwin 1.16.5

Package maintainers

@RaghavSood Raghav Sood <r@raghavsood.com>
@asymmetric Lorenzo Manacorda <lorenzo@mailbox.org>

Permalink CVE-2026-22862

created 3 months ago

go-ethereum has a DoS via malicious p2p message

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8.

References

https://github.com/ethereum/go-ethereum/security/advisories/GHSA-mr7q-c9w9-wh4h x_refsource_CONFIRM
https://github.com/ethereum/go-ethereum/commit/abeb78c647e354ed922726a1d719ac7bc64a07e2 x_refsource_MISC

Affected products

go-ethereum

==< 1.16.8

Matching in nixpkgs

pkgs.go-ethereum

Official golang implementation of the Ethereum protocol

nixos-unstable 1.16.1
- nixpkgs-unstable 1.16.1
- nixos-unstable-small 1.16.1
nixos-25.11 1.16.5
- nixpkgs-25.11-darwin 1.16.5

Package maintainers

@asymmetric Lorenzo Manacorda <lorenzo@mailbox.org>
@RaghavSood Raghav Sood <r@raghavsood.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.go-ethereum

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.go-ethereum

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.go-ethereum

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.go-ethereum

Package maintainers