Vulnerabilities (CVE)

Filtered by vendor Ethereum Subscribe
Filtered by product Go Ethereum
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-43668 1 Ethereum 1 Go Ethereum 2021-11-23 2.1 LOW 5.5 MEDIUM
Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference" and arise a SEGV signal.
CVE-2021-41173 1 Ethereum 1 Go Ethereum 2021-10-28 3.5 LOW 5.7 MEDIUM
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.
CVE-2021-39137 1 Ethereum 1 Go Ethereum 2021-08-31 5.0 MEDIUM 7.5 HIGH
go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available.
CVE-2020-26265 1 Ethereum 1 Go Ethereum 2020-12-14 3.5 LOW 5.3 MEDIUM
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version.
CVE-2020-26264 1 Ethereum 1 Go Ethereum 2020-12-14 4.0 MEDIUM 6.5 MEDIUM
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25.
CVE-2020-26241 1 Ethereum 1 Go Ethereum 2020-12-03 5.5 MEDIUM 7.1 HIGH
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that writes X to an EVM memory region R, then calls 0x00..04 with R as an argument, then overwrites R to Y, and finally invokes the RETURNDATACOPY opcode. When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y. This is fixed in version 1.9.17.
CVE-2020-26242 1 Ethereum 1 Go Ethereum 2020-12-03 5.0 MEDIUM 7.5 HIGH
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.
CVE-2020-26240 1 Ethereum 1 Go Ethereum 2020-12-03 5.0 MEDIUM 7.5 HIGH
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24
CVE-2018-20421 1 Ethereum 1 Go Ethereum 2019-10-03 5.0 MEDIUM 7.5 HIGH
Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory location with a large index number, as demonstrated by use of "assembly { mstore }" followed by a "c[0xC800000] = 0xFF" assignment.
CVE-2018-19184 1 Ethereum 1 Go Ethereum 2018-12-13 5.0 MEDIUM 7.5 HIGH
cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode.
CVE-2018-16733 1 Ethereum 1 Go Ethereum 2018-11-07 5.0 MEDIUM 7.5 HIGH
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.
CVE-2018-12018 1 Ethereum 1 Go Ethereum 2018-09-04 5.0 MEDIUM 7.5 HIGH
The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. The vulnerable remote node would be crashed by such an attack immediately, aka the EPoD (Ethereum Packet of Death) issue.