CVE-2020-26265
MEDIUM5.3EPSS 0.27%Consensus flaw in github.com/ethereum/go-ethereum
Published: 6/29/2021Modified: 5/20/2024
Description
Due to an incorrect state calculation, a specific set of transactions could cause a consensus disagreement, causing users of this package to reject a canonical chain.
Affected packages (2)
- Go/github.com/ethereum/go-ethereum>= 1.9.4, < 1.9.20
- Go/github.com/ethereum/go-ethereum>= 1.9.4, < 1.9.20
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N |
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-26265
- PATCHhttps://github.com/ethereum/go-ethereum
- WEBhttps://github.com/ethereum/go-ethereum/commit/87c0ba92136a75db0ab2aba1046d4a9860375d6a
- WEBhttps://github.com/ethereum/go-ethereum/pull/21080
- WEBhttps://github.com/ethereum/go-ethereum/pull/21409
- WEBhttps://github.com/ethereum/go-ethereum/releases/tag/v1.9.20
- WEBhttps://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4
- WEBhttps://pkg.go.dev/vuln/GO-2021-0105