Moderate severityNVD Advisory· Published Dec 11, 2020· Updated Aug 4, 2024
Consensus flaw during block processing
CVE-2020-26265
Description
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/ethereum/go-ethereumGo | >= 1.9.4, < 1.9.20 | 1.9.20 |
Affected products
2- Range: >= 1.9.4, < 1.9.20
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-xw37-57qp-9mm4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-26265ghsaADVISORY
- github.com/ethereum/go-ethereum/commit/87c0ba92136a75db0ab2aba1046d4a9860375d6aghsaWEB
- github.com/ethereum/go-ethereum/pull/21080ghsaWEB
- github.com/ethereum/go-ethereum/pull/21409ghsaWEB
- github.com/ethereum/go-ethereum/releases/tag/v1.9.20ghsax_refsource_MISCWEB
- github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4ghsax_refsource_CONFIRMWEB
- pkg.go.dev/vuln/GO-2021-0105ghsaWEB
News mentions
0No linked articles in our index yet.