CVE-2021-39137
Published 2021-08-24
Priority: P3 · 40 · high · 7.5 (CVSS 3.1)
AV:N · AC:L · PR:N · UI:N · S:U · C:N · I:N · A:H
EPSS: 1.53% (71.5th percentile)
go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workarounds are available.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ethereum | go-ethereum | — | — |
| ethereum | go_ethereum | >= 1.10.0 < 1.10.8 | 1.10.8 |
| github.com | ethereum_go-ethereum | >= 0 < 1.10.8 | 1.10.8 |
| github.com | ethereum_go-ethereum | >= 1.10.0 < 1.10.8 | 1.10.8 |
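
To audit a fleet against the ranges in the table, the following added example (not code from go-ethereum or from this page) classifies the client string a node reports. It uses the wider of the listed ranges (everything below 1.10.8). The `Geth/[identity/]vX.Y.Z-meta-commit/...` string layout, the `Assess` and `Verdict` names, and the decision to flag `-unstable` builds of 1.10.8 for manual review are assumptions of the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

type Verdict string

const (
	Affected Verdict = "affected"
	Patched  Verdict = "patched"
	Review   Verdict = "review"   // development build of the fixed version
	NotGeth  Verdict = "not-geth" // other client, or a string that does not parse
)

// fixedIn is the "Fixed in" value from the affected-versions table.
var fixedIn = [3]int{1, 10, 8}

// Assumed layout: Geth/[identity/]vMAJOR.MINOR.PATCH[-meta][-commit]/os-arch/goX.Y.Z
// Components are capped at four digits so Atoi cannot overflow.
var clientRe = regexp.MustCompile(`^Geth/(?:[^/]*/)?v(\d{1,4})\.(\d{1,4})\.(\d{1,4})(?:-([a-z]+))?`)

// Assess classifies one client version string against CVE-2021-39137.
func Assess(client string) Verdict {
	m := clientRe.FindStringSubmatch(client)
	if m == nil {
		return NotGeth
	}
	for i := 0; i < 3; i++ {
		if n, _ := strconv.Atoi(m[i+1]); n < fixedIn[i] {
			return Affected
		} else if n > fixedIn[i] {
			return Patched
		}
	}
	// Exactly 1.10.8: assume only a release build is known to carry the patch.
	if m[4] == "unstable" {
		return Review
	}
	return Patched
}

func main() {
	// Constructed sample string, not taken from a real node.
	fmt.Println(Assess("Geth/v1.10.7-stable-00000000/linux-amd64/go1.16.7"))
}
```
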
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
OSV
Consensus flaw during block processing in github.com/ethereum/go-ethereum
osv·2022-07-15
CVE-2021-39137 Consensus flaw during block processing in github.com/ethereum/go-ethereum
A vulnerability in the Geth EVM can cause a node to reject the canonical chain.
A memory-corruption bug within the EVM can cause a consensus error, where vulnerable nodes obtain a different stateRoot when processing a maliciously crafted transaction. This, in turn, would lead to the chain being split in two forks.
OSV
Ethereum Contains Consensus Flaw During Block Processing
osv·2021-08-30
CVE-2021-39137 [MEDIUM] Ethereum Contains Consensus Flaw During Block Processing
### Impact
A vulnerability in the Geth EVM could cause a node to reject the canonical chain.
### Description
A memory-corruption bug within the EVM can cause a consensus error, where vulnerable nodes obtain a different `stateRoot` when processing a maliciously crafted transaction. This, in turn, would lead to the chain being split in two forks.
All Geth versions supporting the London hard fork are vulnerable (the bug itself predates London), so all users should update.
This bug was exploited on Mainnet at block 13107518, leading to a minority chain split.
### Patches
A patch is included in the `v1.10.8` release.
The exact patch to fix the issue is contained within this [commit](https://github.com/ethereum/go-ethereum/pull/23381/commit
GHSA
Ethereum Contains Consensus Flaw During Block Processing
ghsa·2021-08-30
CVE-2021-39137 [MEDIUM] CWE-436 Ethereum Contains Consensus Flaw During Block Processing
No detection rules found.
No public exploits indexed.
2021-08-24
Published