Consensus flaw during block processing in go-ethereum
CVE-2021-39137

6.5MEDIUM

Key Information:

Vendor: Ethereum
Status: Go-ethereum
Vendor: CVE Published:; 24 August 2021

What is CVE-2021-39137?

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming v1.10.8 release. No workaround are available.

Affected Version(s)

go-ethereum >= 1.10.0, < 1.10.8

References

https://github.com/ethereum/go-ethereum/security/advisori...

x_refsource_CONFIRM

https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 24, 2021
Vulnerability Reserved
Aug 16, 2021