Denial of Service Vulnerability in Ethereum's Proof-of-Stake Consensus Protocol
CVE-2021-42766

9.1CRITICAL

Key Information:

Vendor: Proof-of-stake Ethereum Project
Status: Proof-of-stake Ethereum
Vendor: CVE Published:; 20 October 2021

What is CVE-2021-42766?

The Ethereum Proof-of-Stake consensus protocol, prior to October 19, 2021, is susceptible to a denial of service attack. An attacker can exploit long-range consensus chain reorganizations, which allows them to disrupt network operations even with minimal stake. This vulnerability poses risks such as potential protocol stalls and may inadvertently benefit certain validators by increasing their profits at the expense of network stability.

References

https://arxiv.org/abs/2110.10086

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Oct 20, 2021

Proof-of-stake Ethereum Project

What is CVE-2021-42766?

References

CVSS V3.1

Timeline