NRDAX
Submit

← registry

NRDAX-T0038 - Count Underflow Header Serving Amplification

memory_amp · active · first seen 2026-07-07

provenance: Reproduced in NullRabbit's attack-reproduction pipeline

mechanism

CVE-2024-32972: eth GetBlockHeaders amount=0 → count-1 underflows to UINT64_MAX → bypasses maxHeadersServe → serves all headers to genesis → memory exhaustion (geth <1.13.15)

instances (1)

chainprimitivefidelityoriginreproducer (bundle)source
ethereum geth_getblockheaders_count_zero lab reverse-engineered-cve geth_getblockheaders_count_zero https://github.com/ethereum/go-ethereum/security/advisories/GHSA-4xc9-8hmq-j652 ↗

related (memory_amp)

cite

https://nrdax.com/techniques/NRDAX-T0038

plain

NRDAX Registry. Technique NRDAX-T0038.

bibtex
@misc{nrdax_NRDAX_T0038,
  title = {Count Underflow Header Serving Amplification (NRDAX-T0038)},
  howpublished = {NRDAX Registry},
  url = {https://nrdax.com/techniques/NRDAX-T0038},
}
json (csl)
{
  "id": "nrdax-NRDAX-T0038",
  "type": "dataset",
  "title": "Count Underflow Header Serving Amplification (NRDAX-T0038)",
  "URL": "https://nrdax.com/techniques/NRDAX-T0038",
  "publisher": "NRDAX Registry"
}