CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39137 – Consensus flaw during block processing in go-ethereum
https://notcve.org/view.php?id=CVE-2021-39137
go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available. go-ethereum es la implementación oficial Go del protocolo Ethereum. • https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8 https://github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmq • CWE-436: Interpretation Conflict •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26800
https://notcve.org/view.php?id=CVE-2020-26800
A stack overflow vulnerability in Aleth Ethereum C++ client version <= 1.8.0 using a specially crafted a config.json file may result in a denial of service. Una vulnerabilidad de desbordamiento de la pila en el cliente Aleth Ethereum C++ versiones anteriores a 1.8.0, usando un archivo config.json especialmente diseñado puede resultar en una denegación de servicio • https://ethereum.org/en/about https://github.com/ethereum/aleth https://github.com/ethereum/aleth/issues/5917 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26264 – LES Server DoS via GetProofsV2
https://notcve.org/view.php?id=CVE-2020-26264
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25. Go Ethereum, o "Geth", es la implementación oficial de Golang del protocolo Ethereum. • https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46 https://github.com/ethereum/go-ethereum/pull/21896 https://github.com/ethereum/go-ethereum/releases/tag/v1.9.25 https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26265 – Consensus flaw during block processing
https://notcve.org/view.php?id=CVE-2020-26265
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version. Go Ethereum, o "Geth", es la implementación oficial de Golang del protocolo Ethereum. • https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20 https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4 • CWE-682: Incorrect Calculation •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2017-14451
https://notcve.org/view.php?id=CVE-2017-14451
An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send malicious smart contract to trigger this vulnerability. Se presenta una vulnerabilidad de lectura fuera de límites explotable en libevm (Ethereum Virtual Machine) de CPP-Ethereum. Un código de contrato inteligente especialmente diseñado puede causar una lectura fuera de límites que posteriormente puede desencadenar una escritura fuera de límites resultando en una ejecución del código remota. • https://talosintelligence.com/vulnerability_reports/TALOS-2017-0500 • CWE-125: Out-of-bounds Read •