110 matches found
CVE-2020-26264
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly...
Denial of service
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly...
Code injection
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade...
CVE-2020-26264 LES Server DoS via GetProofsV2
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly...
CVE-2020-26264
Go Ethereum (Geth) before v1.9.25 is vulnerable to a denial-of-service affecting the LES server via a malicious GetProofsV2 request from a connected LES client. The issue only concerns users who explicitly enable the LES server; disabling LES prevents exploitation. The vulnerability was fixed in ...
CVE-2020-26265
Go Ethereum (Geth) up to v1.9.19 (inclusive) is affected by a consensus vulnerability that could lead to a chain split where non-canonical chains are rejected. The issue stems from how state/account creation interacted with deleted accounts, causing inconsistent consensus under certain transactio...
CVE-2020-26242
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service crash during block processing. This is fixed in 1.9.18...
CVE-2020-26242
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service crash during block processing. This is fixed in 1.9.18...
CVE-2020-26241
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy at 0x00...04 contract di...
CVE-2020-26240
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch estimated early January, 2021. This happened on the ETC chain on...
CVE-2020-26240
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch estimated early January, 2021. This happened on the ETC chain on...
Design/Logic Flaw
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch estimated early January, 2021. This happened on the ETC chain on...
Design/Logic Flaw
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy at 0x00...04 contract di...
Design/Logic Flaw
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service crash during block processing. This is fixed in 1.9.18...
CVE-2020-26240
CVE-2020-26240 affects Go Ethereum (Geth). The issue is an ethash mining DAG generation flaw that could cause miners to compute PoW incorrectly in an upcoming epoch; non-mining nodes are unaffected. Affected software: Geth prior to version 1.9.24. Root cause: DAG generation flaw in ethash logic. ...
CVE-2020-26240 Erroneous Proof of Work calculation in geth
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch estimated early January, 2021. This happened on the ETC chain on...
CVE-2020-26241
CVE-2020-26241 is a consensus vulnerability in the Go Ethereum (Geth) client prior to version 1.9.17. A crafted contract can trigger a mismatch between the EVM’s RETURNDATACOPY path and Geth’s execution by exploiting a shallow copy bug in the pre-compiled dataCopy contract (0x0000…04). An attacke...
CVE-2020-26241 Shallow copy bug in geth
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy at 0x00...04 contract di...
CVE-2020-26242 Denial of service in geth
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service crash during block processing. This is fixed in 1.9.18...
CVE-2020-26242
Go Ethereum (Geth) before version 1.9.18 is vulnerable to a Denial-of-Service (crash) during block processing. The issue stems from the uint256 library behavior (buffer underflow in MULMOD when modulo is 0), which can cause a panic and network-wide node drops if exploited. A fix was released by u...