Nixpkgs Security Tracker

Permalink CVE-2026-26313

updated 1 day, 14 hours ago by @LeSuisse Activity log

Created automatic suggestion 1 day, 19 hours ago
@LeSuisse accepted 1 day, 14 hours ago
@LeSuisse published on GitHub 1 day, 14 hours ago

Go Ethereum affected by DoS via malicious p2p message

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release.

Affected products

go-ethereum

==< 1.17.0

Matching in nixpkgs

pkgs.go-ethereum

Official golang implementation of the Ethereum protocol

nixos-unstable 1.16.8
- nixpkgs-unstable 1.16.8
- nixos-unstable-small 1.16.8
nixos-25.11 1.16.5
- nixos-25.11-small 1.16.5
- nixpkgs-25.11-darwin 1.16.5

Package maintainers

@asymmetric Lorenzo Manacorda <lorenzo@mailbox.org>
@RaghavSood Raghav Sood <r@raghavsood.com>

Upstream advisory: https://github.com/ethereum/go-ethereum/security/advisories/GHSA-689v-6xwf-5jf3

Permalink CVE-2026-26314

updated 1 day, 14 hours ago by @LeSuisse Activity log

Created automatic suggestion 1 day, 19 hours ago
@LeSuisse accepted 1 day, 14 hours ago
@LeSuisse published on GitHub 1 day, 14 hours ago

Go Ethereum affected by DoS via malicious p2p message

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth.

Affected products

go-ethereum

==< 1.16.9

Matching in nixpkgs

pkgs.go-ethereum

Official golang implementation of the Ethereum protocol

nixos-unstable 1.16.8
- nixpkgs-unstable 1.16.8
- nixos-unstable-small 1.16.8
nixos-25.11 1.16.5
- nixos-25.11-small 1.16.5
- nixpkgs-25.11-darwin 1.16.5

Package maintainers

@asymmetric Lorenzo Manacorda <lorenzo@mailbox.org>
@RaghavSood Raghav Sood <r@raghavsood.com>

Upstream advisory: https://github.com/ethereum/go-ethereum/security/advisories/GHSA-2gjw-fg97-vg3r
Upstream patch: https://github.com/ethereum/go-ethereum/commit/895a8597cb16c02203e38707ed2d1da5c500fe60

Permalink CVE-2026-26315

updated 1 day, 14 hours ago by @LeSuisse Activity log

Created automatic suggestion 1 day, 19 hours ago
@LeSuisse accepted 1 day, 14 hours ago
@LeSuisse published on GitHub 1 day, 14 hours ago

Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake

go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth. Geth maintainers recommend rotating the node key after applying the upgrade, which can be done by removing the file `<datadir>/geth/nodekey` before starting Geth.

Affected products

go-ethereum

==< 1.16.9

Matching in nixpkgs

pkgs.go-ethereum

Official golang implementation of the Ethereum protocol

nixos-unstable 1.16.8
- nixpkgs-unstable 1.16.8
- nixos-unstable-small 1.16.8
nixos-25.11 1.16.5
- nixos-25.11-small 1.16.5
- nixpkgs-25.11-darwin 1.16.5

Package maintainers

@asymmetric Lorenzo Manacorda <lorenzo@mailbox.org>
@RaghavSood Raghav Sood <r@raghavsood.com>

Upstream advisory: https://github.com/ethereum/go-ethereum/security/advisories/GHSA-m6j8-rg6r-7mv8

Suggestions search

Affected products

Matching in nixpkgs

pkgs.go-ethereum

Package maintainers

Affected products

Matching in nixpkgs

pkgs.go-ethereum

Package maintainers

Affected products

Matching in nixpkgs

pkgs.go-ethereum

Package maintainers