data/reports/GO-2021-0105.yaml - vulndb - Git at Google

 modules:
   - module: github.com/ethereum/go-ethereum
     versions:
       - introduced: 1.9.4
       - fixed: 1.9.20
     packages:
       - package: github.com/ethereum/go-ethereum/core
         symbols:
           - StateDB.createObject
         skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
 description: |
     Due to an incorrect state calculation, a specific set of
     transactions could cause a consensus disagreement,
     causing users of this package to reject a canonical chain.
 published: 2021-07-28T18:08:05Z
 cves:
   - CVE-2020-26265
 ghsas:
   - GHSA-xw37-57qp-9mm4
 credit: John Youngseok Yang (Software Platform Lab)
 references:
   - fix: https://github.com/ethereum/go-ethereum/pull/21080
   - fix: https://github.com/ethereum/go-ethereum/commit/87c0ba92136a75db0ab2aba1046d4a9860375d6a
	modules:
	- module: github.com/ethereum/go-ethereum
	versions:
	- introduced: 1.9.4
	- fixed: 1.9.20
	packages:
	- package: github.com/ethereum/go-ethereum/core
	symbols:
	- StateDB.createObject
	skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
	description: \|
	Due to an incorrect state calculation, a specific set of
	transactions could cause a consensus disagreement,
	causing users of this package to reject a canonical chain.
	published: 2021-07-28T18:08:05Z
	cves:
	- CVE-2020-26265
	ghsas:
	- GHSA-xw37-57qp-9mm4
	credit: John Youngseok Yang (Software Platform Lab)
	references:
	- fix: https://github.com/ethereum/go-ethereum/pull/21080
	- fix: https://github.com/ethereum/go-ethereum/commit/87c0ba92136a75db0ab2aba1046d4a9860375d6a