Go modules package
github.com/ethereum/go-ethereum
pkg:golang/github.com/ethereum/go-ethereum
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-26241 | — | >= 1.9.7, < 1.9.17 | 1.9.17 | Nov 25, 2020 | Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x0 | ||
| CVE-2020-26242 | — | >= 1.9.16, < 1.9.18 | 1.9.18 | Nov 25, 2020 | Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18. | ||
| CVE-2018-19184 | — | < 1.8.14 | 1.8.14 | Nov 12, 2018 | cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode. | ||
| CVE-2018-16733 | — | < 1.8.14 | 1.8.14 | Sep 8, 2018 | In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. | ||
| CVE-2018-12018 | — | < 1.8.11 | 1.8.11 | Jul 5, 2018 | The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet wi |
- CVE-2020-26241Nov 25, 2020affected >= 1.9.7, < 1.9.17fixed 1.9.17
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x0
- CVE-2020-26242Nov 25, 2020affected >= 1.9.16, < 1.9.18fixed 1.9.18
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.
- CVE-2018-19184Nov 12, 2018affected < 1.8.14fixed 1.8.14
cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode.
- CVE-2018-16733Sep 8, 2018affected < 1.8.14fixed 1.8.14
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.
- CVE-2018-12018Jul 5, 2018affected < 1.8.11fixed 1.8.11
The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet wi
Page 2 of 2