Moderate severity · NVD Advisory · Published Nov 25, 2020 · Updated Aug 4, 2024
Denial of service in geth
CVE-2020-26242
Description
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/ethereum/go-ethereum (Go) | >= 1.9.16, < 1.9.18 | 1.9.18 |
| github.com/holiman/uint256 (Go) | >= 0.1.0, < 1.1.1 | 1.1.1 |
Affected products
- Range: < 1.9.18
Patches
6785da6e3eea Handle mod 0 uniformly for all API methods (#80)
2 files changed · +30 −5
uint256.go+10 −2 modified@@ -190,8 +190,12 @@ func (z *Int) AddOverflow(x, y *Int) bool { return carry != 0 } -// AddMod sets z to the sum ( x+y ) mod m, and returns z +// AddMod sets z to the sum ( x+y ) mod m, and returns z. +// If m == 0, z is set to 0 (OBS: differs from the big.Int) func (z *Int) AddMod(x, y, m *Int) *Int { + if m.IsZero() { + return z.Clear() + } if z == m { // z is an alias for m // TODO: Understand why needed and add tests for all "division" methods. m = m.Clone() } @@ -567,8 +571,12 @@ func (z *Int) SMod(x, y *Int) *Int { } // MulMod calculates the modulo-m multiplication of x and y and -// returns z +// returns z. +// If m == 0, z is set to 0 (OBS: differs from the big.Int) func (z *Int) MulMod(x, y, m *Int) *Int { + if x.IsZero() || y.IsZero() || m.IsZero() { + return z.Clear() + } p := umul(x, y) var ( pl Int
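Review bot: The added doc line `// If m == 0, z is set to 0 (OBS: differs from the big.Int)` on AddMod and MulMod does not say how the behaviour differs, which is the part a caller needs to know. big.Int's Mod panics on a zero modulus, so I would write `// If m == 0, z is set to 0 (unlike big.Int, whose Mod panics on a zero modulus).` In MulMod the new guard also returns early when x or y is zero, which the comment does not mention; a short why-comment on that line would help. Both function bodies continue outside the hunks, so whether the remaining reduction code has other zero-dependent paths is not visible here.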
uint256_test.go+20 −3 modified@@ -74,6 +74,10 @@ var ( // A collection of interesting input values for ternary operators (addmod, mulmod). ternTestCases = [][3]string{ + {"0", "0", "0"}, + {"1", "0", "0"}, + {"1", "1", "0"}, + {"0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd", "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe", "0"}, {"0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd", "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe", "0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"}, {"0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd", "3", "0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"}, {"0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"}, @@ -920,9 +924,22 @@ func TestTernOp(t *testing.T) { } } } - - t.Run("AddMod", func(t *testing.T) { proc(t, (*Int).AddMod, addMod) }) - t.Run("MulMod", func(t *testing.T) { proc(t, (*Int).MulMod, mulMod) }) + t.Run("AddMod", func(t *testing.T) { + proc(t, (*Int).AddMod, func(z, x, y, m *big.Int) *big.Int { + if m.Sign() == 0 { + return z.SetUint64(0) + } + return addMod(z, x, y, m) + }) + }) + t.Run("MulMod", func(t *testing.T) { + proc(t, (*Int).MulMod, func(z, x, y, m *big.Int) *big.Int { + if m.Sign() == 0 { + return z.SetUint64(0) + } + return mulMod(z, x, y, m) + }) + }) } func TestCmpOp(t *testing.T) {
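Review bot: The AddMod and MulMod subtests each wrap the big.Int reference in the same zero-modulus closure, so the expected-value rule for m == 0 is written twice and can drift apart. A small helper that takes the reference function and returns the wrapped one keeps that rule in one place and makes each t.Run a single line again. TestTernOp starts above the hunk, so the parameter type proc expects is inferred from the closures passed here.

```go
// zeroModAsZero wraps a big.Int reference so that a zero modulus yields 0,
// matching what AddMod and MulMod return for m == 0.
func zeroModAsZero(ref func(z, x, y, m *big.Int) *big.Int) func(z, x, y, m *big.Int) *big.Int {
	return func(z, x, y, m *big.Int) *big.Int {
		if m.Sign() == 0 {
			return z.SetUint64(0)
		}
		return ref(z, x, y, m)
	}
}

// … unchanged: proc definition and the loop over ternTestCases …
	t.Run("AddMod", func(t *testing.T) { proc(t, (*Int).AddMod, zeroModAsZero(addMod)) })
	t.Run("MulMod", func(t *testing.T) { proc(t, (*Int).MulMod, zeroModAsZero(mulMod)) })
```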
7163a6664ee6 ethclient: serialize negative block number as "pending" (#21177)
4 files changed · +30 −12
core/types/gen_log_json.go+8 −10 modified@@ -20,9 +20,9 @@ func (l Log) MarshalJSON() ([]byte, error) { Data hexutil.Bytes `json:"data" gencodec:"required"` BlockNumber hexutil.Uint64 `json:"blockNumber"` TxHash common.Hash `json:"transactionHash" gencodec:"required"` - TxIndex hexutil.Uint `json:"transactionIndex" gencodec:"required"` + TxIndex hexutil.Uint `json:"transactionIndex"` BlockHash common.Hash `json:"blockHash"` - Index hexutil.Uint `json:"logIndex" gencodec:"required"` + Index hexutil.Uint `json:"logIndex"` Removed bool `json:"removed"` } var enc Log @@ -46,9 +46,9 @@ func (l *Log) UnmarshalJSON(input []byte) error { Data *hexutil.Bytes `json:"data" gencodec:"required"` BlockNumber *hexutil.Uint64 `json:"blockNumber"` TxHash *common.Hash `json:"transactionHash" gencodec:"required"` - TxIndex *hexutil.Uint `json:"transactionIndex" gencodec:"required"` + TxIndex *hexutil.Uint `json:"transactionIndex"` BlockHash *common.Hash `json:"blockHash"` - Index *hexutil.Uint `json:"logIndex" gencodec:"required"` + Index *hexutil.Uint `json:"logIndex"` Removed *bool `json:"removed"` } var dec Log @@ -74,17 +74,15 @@ func (l *Log) UnmarshalJSON(input []byte) error { return errors.New("missing required field 'transactionHash' for Log") } l.TxHash = *dec.TxHash - if dec.TxIndex == nil { - return errors.New("missing required field 'transactionIndex' for Log") + if dec.TxIndex != nil { + l.TxIndex = uint(*dec.TxIndex) } - l.TxIndex = uint(*dec.TxIndex) if dec.BlockHash != nil { l.BlockHash = *dec.BlockHash } - if dec.Index == nil { - return errors.New("missing required field 'logIndex' for Log") + if dec.Index != nil { + l.Index = uint(*dec.Index) } - l.Index = uint(*dec.Index) if dec.Removed != nil { l.Removed = *dec.Removed }
core/types/log.go+2 −2 modified@@ -44,11 +44,11 @@ type Log struct { // hash of the transaction TxHash common.Hash `json:"transactionHash" gencodec:"required"` // index of the transaction in the block - TxIndex uint `json:"transactionIndex" gencodec:"required"` + TxIndex uint `json:"transactionIndex"` // hash of the block in which the transaction was included BlockHash common.Hash `json:"blockHash"` // index of the log in the block - Index uint `json:"logIndex" gencodec:"required"` + Index uint `json:"logIndex"` // The Removed field is true if this log was reverted due to a chain reorganisation. // You must pay attention to this field if you receive logs through a filter query.
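Review bot: With `gencodec:"required"` dropped from TxIndex and Index, a JSON log that omits `transactionIndex` or `logIndex` is no longer rejected; the field keeps its previous value, which is 0 for a fresh Log and so indistinguishable from a real index of 0. The field comments should say this, because callers that order or de-duplicate logs by these indices cannot detect the omission: `// index of the transaction in the block; 0 if absent from the JSON` and `// index of the log in the block; 0 if absent from the JSON`. Presumably the fields are absent for pending logs, given the commit title, but the visible lines do not state that. The Log struct starts and ends outside the hunk.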
ethclient/ethclient.go+4 −0 modified@@ -282,6 +282,10 @@ func toBlockNumArg(number *big.Int) string { if number == nil { return "latest" } + pending := big.NewInt(-1) + if number.Cmp(pending) == 0 { + return "pending" + } return hexutil.EncodeBig(number) }
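Review bot: Only the exact value -1 is mapped to "pending" in toBlockNumArg; any other negative number still falls through to `hexutil.EncodeBig(number)`, while the commit title speaks of negative block numbers in general. If every negative value should mean pending, `if number.Sign() < 0 { return "pending" }` says that directly and avoids allocating a big.Int on each call. If only -1 is meant, a comment on the check should say so and other negative values deserve explicit handling rather than being encoded. The added case in ethclient_test.go exercises -1 only.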
ethclient/ethclient_test.go+16 −0 modified@@ -97,6 +97,22 @@ func TestToFilterArg(t *testing.T) { }, nil, }, + { + "with negative fromBlock and negative toBlock", + ethereum.FilterQuery{ + Addresses: addresses, + FromBlock: big.NewInt(-1), + ToBlock: big.NewInt(-1), + Topics: [][]common.Hash{}, + }, + map[string]interface{}{ + "address": addresses, + "fromBlock": "pending", + "toBlock": "pending", + "topics": [][]common.Hash{}, + }, + nil, + }, { "with blockhash", ethereum.FilterQuery{
References
- github.com/advisories/GHSA-jm5c-rv3w-w83m (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-26242 (ghsa, ADVISORY)
- blog.ethereum.org/2020/11/12/geth_security_release (ghsa, WEB)
- blog.ethereum.org/2020/11/12/geth_security_release/ (mitre, x_refsource_MISC)
- github.com/ethereum/go-ethereum/commit/7163a6664ee664df81b9028ab3ba13b9d65a7196 (ghsa, WEB)
- github.com/ethereum/go-ethereum/security/advisories/GHSA-jm5c-rv3w-w83m (ghsa, x_refsource_CONFIRM, WEB)
- github.com/holiman/uint256/commit/6785da6e3eea403260a5760029e722aa4ff1716d (ghsa, WEB)
- github.com/holiman/uint256/pull/80 (ghsa, WEB)
- pkg.go.dev/vuln/GO-2021-0103 (ghsa, WEB)