Filtered by vendor Ethereum
Subscribe
Total
31 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26264 | 1 Ethereum | 1 Go Ethereum | 2020-12-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25. | |||||
| CVE-2017-14451 | 1 Ethereum | 1 Ethereum | 2020-12-09 | 7.5 HIGH | 10.0 CRITICAL |
| An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send malicious smart contract to trigger this vulnerability. | |||||
| CVE-2020-26241 | 1 Ethereum | 1 Go Ethereum | 2020-12-03 | 5.5 MEDIUM | 7.1 HIGH |
| Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that writes X to an EVM memory region R, then calls 0x00..04 with R as an argument, then overwrites R to Y, and finally invokes the RETURNDATACOPY opcode. When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y. This is fixed in version 1.9.17. | |||||
| CVE-2020-26242 | 1 Ethereum | 1 Go Ethereum | 2020-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18. | |||||
| CVE-2020-26240 | 1 Ethereum | 1 Go Ethereum | 2020-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24 | |||||
| CVE-2018-20421 | 1 Ethereum | 1 Go Ethereum | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory location with a large index number, as demonstrated by use of "assembly { mstore }" followed by a "c[0xC800000] = 0xFF" assignment. | |||||
| CVE-2018-15890 | 1 Ethereum | 1 Ethereumj | 2019-06-20 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in EthereumJ 1.8.2. There is Unsafe Deserialization in ois.readObject in mine/Ethash.java and decoder.readObject in crypto/ECKey.java. When a node syncs and mines a new block, arbitrary OS commands can be run on the server. | |||||
| CVE-2018-18920 | 1 Ethereum | 1 Py-evm | 2019-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid." | |||||
| CVE-2018-19184 | 1 Ethereum | 1 Go Ethereum | 2018-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode. | |||||
| CVE-2018-16733 | 1 Ethereum | 1 Go Ethereum | 2018-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. | |||||
| CVE-2018-12018 | 1 Ethereum | 1 Go Ethereum | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. The vulnerable remote node would be crashed by such an attack immediately, aka the EPoD (Ethereum Packet of Death) issue. | |||||