modules:
  - module: github.com/ethereum/go-ethereum
    versions:
      - fixed: 1.10.8
    vulnerable_at: 1.10.7
    packages:
      - package: github.com/ethereum/go-ethereum/core/vm
        symbols:
          - opCall
          - opCallCode
          - opDelegateCall
          - opStaticCall
          - EVMInterpreter.Run
        derived_symbols:
          - EVM.Call
          - EVM.CallCode
          - EVM.Create
          - EVM.Create2
          - EVM.DelegateCall
          - EVM.StaticCall
description: |
    A vulnerability in the Geth EVM can cause a node to reject the
    canonical chain.

    A memory-corruption bug within the EVM can cause a consensus
    error, where vulnerable nodes obtain a different stateRoot when
    processing a maliciously crafted transaction. This, in turn,
    would lead to the chain being split in two forks.
published: 2022-07-15T23:07:56Z
cves:
  - CVE-2021-39137
ghsas:
  - GHSA-9856-9gg9-qcmq
references:
  - fix: https://github.com/ethereum/go-ethereum/pull/23381/commits/4d4879cafd1b3c906fc184a8c4a357137465128f