Denial of Service Vulnerability in Ethereum Proof-of-Stake Consensus Protocol
CVE-2021-42764

9.1CRITICAL

Key Information:

Vendor: Proof-of-stake Ethereum Project
Status: Proof-of-stake Ethereum
Vendor: CVE Published:; 20 October 2021

What is CVE-2021-42764?

The Ethereum Proof-of-Stake consensus protocol, through October 19, 2021, is vulnerable to a denial of service attack that can delay consensus decisions. This vulnerability allows adversaries to perform short-range reorganizations on the underlying consensus chain, potentially increasing the profits of specific validators while undermining the overall reliability of the network.

References

https://arxiv.org/abs/2110.10086

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Oct 20, 2021

Proof-of-stake Ethereum Project

What is CVE-2021-42764?

References

CVSS V3.1

Timeline