CVE-2020-26241: Shallow copy bug in geth
(updated )
This is a Consensus vulnerability, which can be used to cause a chain-split where vulnerable nodes reject the canonical chain.
Geth’s pre-compiled dataCopy
(at 0x00...04
) contract did a shallow copy on invocation. An attacker could deploy a contract that
- writes
X
to an EVM memory regionR
, - calls
0x00..04
withR
as an argument, - overwrites
R
toY
, - and finally invokes the
RETURNDATACOPY
opcode.
When this contract is invoked, a consensus-compliant node would push X
on the EVM stack, whereas Geth would push Y
.
References
- blog.ethereum.org/2020/11/12/geth_security_release
- github.com/advisories/GHSA-69v6-xc2j-r2jf
- github.com/ethereum/go-ethereum
- github.com/ethereum/go-ethereum/commit/295693759e5ded05fec0b2fb39359965b60da785
- github.com/ethereum/go-ethereum/security/advisories/GHSA-69v6-xc2j-r2jf
- nvd.nist.gov/vuln/detail/CVE-2020-26241
Detect and mitigate CVE-2020-26241 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →