blob: c6739d88ca109237f0aeb95cbe48dca702d6d0fc [file] [log] [blame]
id: GO-2022-0254
modules:
- module: github.com/ethereum/go-ethereum
versions:
- fixed: 1.10.8
vulnerable_at: 1.10.7
packages:
- package: github.com/ethereum/go-ethereum/core/vm
symbols:
- opCall
- opCallCode
- opDelegateCall
- opStaticCall
- EVMInterpreter.Run
derived_symbols:
- EVM.Call
- EVM.CallCode
- EVM.Create
- EVM.Create2
- EVM.DelegateCall
- EVM.StaticCall
summary: Consensus flaw during block processing in github.com/ethereum/go-ethereum
description: |-
A vulnerability in the Geth EVM can cause a node to reject the canonical chain.
A memory-corruption bug within the EVM can cause a consensus error, where
vulnerable nodes obtain a different stateRoot when processing a maliciously
crafted transaction. This, in turn, would lead to the chain being split in two
forks.
published: 2022-07-15T23:07:56Z
cves:
- CVE-2021-39137
ghsas:
- GHSA-9856-9gg9-qcmq
references:
- fix: https://github.com/ethereum/go-ethereum/pull/23381/commits/4d4879cafd1b3c906fc184a8c4a357137465128f
review_status: REVIEWED