Consensus flaw during block processing
CVE-2020-26265

5.3MEDIUM

Key Information:

Vendor: Ethereum
Status: Go-ethereum
Vendor: CVE Published:; 11 December 2020

What is CVE-2020-26265?

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version.

Affected Version(s)

go-ethereum >= 1.9.4, < 1.9.20

References

https://github.com/ethereum/go-ethereum/security/advisori...

x_refsource_CONFIRM

https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2020
Vulnerability Reserved
Oct 1, 2020