Moderate severityNVD Advisory· Published Aug 24, 2021· Updated Aug 4, 2024
Consensus flaw during block processing in go-ethereum
CVE-2021-39137
Description
go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming v1.10.8 release. No workaround are available.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/ethereum/go-ethereumGo | >= 1.10.0, < 1.10.8 | 1.10.8 |
Affected products
1- Range: >= 1.10.0, < 1.10.8
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-9856-9gg9-qcmqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-39137ghsaADVISORY
- github.com/ethereum/go-ethereum/pull/23381/commits/4d4879cafd1b3c906fc184a8c4a357137465128fghsaWEB
- github.com/ethereum/go-ethereum/releases/tag/v1.10.8ghsax_refsource_MISCWEB
- github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmqghsax_refsource_CONFIRMWEB
- pkg.go.dev/vuln/GO-2022-0254ghsaWEB
News mentions
0No linked articles in our index yet.