CVE-2020-26265
MEDIUM5.3EPSS 0.27%Consensus flaw in github.com/ethereum/go-ethereum
發布日:2021/6/29修改日:2024/5/20
描述
Due to an incorrect state calculation, a specific set of transactions could cause a consensus disagreement, causing users of this package to reject a canonical chain.
受影響套件(2)
- Go/github.com/ethereum/go-ethereum>= 1.9.4, < 1.9.20
- Go/github.com/ethereum/go-ethereum>= 1.9.4, < 1.9.20
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N |
參考連結(8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-26265
- PATCHhttps://github.com/ethereum/go-ethereum
- WEBhttps://github.com/ethereum/go-ethereum/commit/87c0ba92136a75db0ab2aba1046d4a9860375d6a
- WEBhttps://github.com/ethereum/go-ethereum/pull/21080
- WEBhttps://github.com/ethereum/go-ethereum/pull/21409
- WEBhttps://github.com/ethereum/go-ethereum/releases/tag/v1.9.20
- WEBhttps://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4
- WEBhttps://pkg.go.dev/vuln/GO-2021-0105