CVE-2021-39137

MEDIUM

GO Ethereum < 1.10.8 - Interpretation Conflict

Title source: rule

Description

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available.

References (2)

[Third Party Advisory] https://github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmq

[Third Party Advisory] https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8

Scores

CVSS v3 6.5

EPSS 0.0029

EPSS Percentile 52.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-436

Status published

Products (2)

ethereum/go-ethereum 1.10.0 - 1.10.8Go

ethereum/go_ethereum 1.10.0 - 1.10.8

Published Aug 24, 2021

Tracked Since Feb 18, 2026