CVE-2020-26242: Denial of service in geth

June 29, 2021

Go Ethereum, or “Geth”, is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.

References

github.com/advisories/GHSA-jm5c-rv3w-w83m
github.com/ethereum/go-ethereum/commit/7163a6664ee664df81b9028ab3ba13b9d65a7196
github.com/ethereum/go-ethereum/security/advisories/GHSA-jm5c-rv3w-w83m
nvd.nist.gov/vuln/detail/CVE-2020-26242

Detect and mitigate CVE-2020-26242 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →