CVE-2020-26242: Denial of service in geth
(updated )
Go Ethereum, or “Geth”, is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.
References
- blog.ethereum.org/2020/11/12/geth_security_release/
- github.com/advisories/GHSA-jm5c-rv3w-w83m
- github.com/ethereum/go-ethereum/commit/7163a6664ee664df81b9028ab3ba13b9d65a7196
- github.com/ethereum/go-ethereum/security/advisories/GHSA-jm5c-rv3w-w83m
- github.com/holiman/uint256/commit/6785da6e3eea403260a5760029e722aa4ff1716d
- github.com/holiman/uint256/pull/80
- nvd.nist.gov/vuln/detail/CVE-2020-26242
- pkg.go.dev/vuln/GO-2021-0103
Detect and mitigate CVE-2020-26242 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →