Lucene search
K

110 matches found

OSV
OSV
added 2022/07/15 11:7 p.m.34 views

GO-2022-0254 Consensus flaw during block processing in github.com/ethereum/go-ethereum

A vulnerability in the Geth EVM can cause a node to reject the canonical chain. A memory-corruption bug within the EVM can cause a consensus error, where vulnerable nodes obtain a different stateRoot when processing a maliciously crafted transaction. This, in turn, would lead to the chain being...

7.5CVSS7.3AI score0.01527EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/03/05 12:0 a.m.37 views

Denial of Service in Go-Ethereum

A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node's memory pool and th...

7.5CVSS3.7AI score0.0134EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/25 7:42 p.m.48 views

Geth Node Vulnerable to DoS via maliciously crafted p2p message

Impact A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer, via the snap/1 protocol. The crash can be triggered by sending a malicious snap/1 GetTrieNodes package. Details On September 21, 2021, geth-team member Gary Rong @rjl493456442 found a way t...

5.7CVSS5.7AI score0.01202EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2021/10/25 7:42 p.m.20 views

GHSA-59HH-656J-3P7V Geth Node Vulnerable to DoS via maliciously crafted p2p message

Impact A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer, via the snap/1 protocol. The crash can be triggered by sending a malicious snap/1 GetTrieNodes package. Details On September 21, 2021, geth-team member Gary Rong @rjl493456442 found a way t...

5.7CVSS5.5AI score0.01202EPSS
Exploits0References8
OSV
OSV
added 2021/10/19 3:28 p.m.38 views

GHSA-PVH2-PJ76-4M96 Specification non-compliance in JUMPI

Impact In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Patches This is a high severity security advisory if you use evm crate for...

8.7CVSS9.7AI score0.00995EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/10/18 9:0 p.m.60 views

CVE-2021-41153 Specification non-compliance in JUMPI

The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...

8.7CVSS9.8AI score0.00995EPSS
Exploits0References2
OSV
OSV
added 2021/08/30 4:15 p.m.20 views

GHSA-9856-9GG9-QCMQ Ethereum Contains Consensus Flaw During Block Processing

Impact A vulnerability in the Geth EVM could cause a node to reject the canonical chain. Description A memory-corruption bug within the EVM can cause a consensus error, where vulnerable nodes obtain a different stateRoot when processing a maliciously crafted transaction. This, in turn, would lead...

6.5CVSS7.4AI score0.01527EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2021/08/30 4:15 p.m.49 views

Ethereum Contains Consensus Flaw During Block Processing

Impact A vulnerability in the Geth EVM could cause a node to reject the canonical chain. Description A memory-corruption bug within the EVM can cause a consensus error, where vulnerable nodes obtain a different stateRoot when processing a maliciously crafted transaction. This, in turn, would lead...

7.5CVSS7AI score0.01527EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/08/24 4:15 p.m.31 views

CVE-2021-39137

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a late...

7.5CVSS6.6AI score
Exploits0References2
Prion
Prion
added 2021/08/24 4:15 p.m.15 views

Design/Logic Flaw

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a late...

5CVSS7.4AI score0.01527EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/06/29 9:14 p.m.33 views

GHSA-XW37-57QP-9MM4 Consensus flaw during block processing in github.com/ethereum/go-ethereum

Impact A consensus-vulnerability in Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Description A flaw was repoted at 2020-08-11 by John Youngseok Yang Software Platform Lab, where a particular sequence of transactions could cause a consensus failur...

5.3CVSS5.2AI score0.00909EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2021/06/29 9:14 p.m.78 views

Consensus flaw during block processing in github.com/ethereum/go-ethereum

Impact A consensus-vulnerability in Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Description A flaw was repoted at 2020-08-11 by John Youngseok Yang Software Platform Lab, where a particular sequence of transactions could cause a consensus failur...

5.3CVSS5.4AI score0.00909EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/29 9:13 p.m.46 views

Denial of service in geth

Impact Denial-of-service crash during block processing Details Affected versions suffer from a vulnerability which can be exploited through the MULMOD operation, by specifying a modulo of 0: mulmoda,b,0, causing a panic in the underlying library. The crash was in the uint256 library, where a buff...

7.5CVSS7.5AI score0.01462EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2021/06/29 9:13 p.m.31 views

GHSA-69V6-XC2J-R2JF Shallow copy bug in geth

Impact This is a Consensus vulnerability, which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth’s pre-compiled dataCopy at 0x00...04 contract did a shallow copy on invocation. An attacker could deploy a contract that - writes X to an EVM memory region R,...

6.5CVSS6.8AI score0.01081EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/06/29 9:13 p.m.80 views

Shallow copy bug in geth

Impact This is a Consensus vulnerability, which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth’s pre-compiled dataCopy at 0x00...04 contract did a shallow copy on invocation. An attacker could deploy a contract that - writes X to an EVM memory region R,...

7.1CVSS6.8AI score0.01081EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/06/29 9:12 p.m.42 views

GHSA-V592-XF75-856P Erroneous Proof of Work calculation in geth

Impact An ethash mining DAG generation flaw in Geth could cause miners to erroneously calculate PoW in an upcoming epoch estimated early January, 2021. This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. Patches This issue is also...

5.3CVSS7.4AI score0.01643EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2021/06/29 9:12 p.m.63 views

Erroneous Proof of Work calculation in geth

Impact An ethash mining DAG generation flaw in Geth could cause miners to erroneously calculate PoW in an upcoming epoch estimated early January, 2021. This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. Patches This issue is also...

7.5CVSS7.4AI score0.01643EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2020/12/11 5:15 p.m.28 views

CVE-2020-26265

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade...

5.3CVSS6.8AI score
Exploits0References2
NVD
NVD
added 2020/12/11 5:15 p.m.36 views

CVE-2020-26265

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade...

5.3CVSS5.3AI score0.00909EPSS
Exploits0References2
NVD
NVD
added 2020/12/11 5:15 p.m.29 views

CVE-2020-26264

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly...

6.5CVSS6.4AI score0.01864EPSS
Exploits0References4
Rows per page
Query Builder