Security News > 2021 > August > Ethereum urges Go devs to fix severe chain-split vulnerability

Ethereum urges Go devs to fix severe chain-split vulnerability
2021-08-25 15:02

The chain-split vulnerability tracked as CVE-2021-39137, impacts "Geth," the official Golang implementation of the Ethereum protocol.

Such flaws can cause corruption in blockchain services, and lead to massive outages, like the Ethereum network outage from last year.

This week, Ethereum project maintainers are urging Go developers using "Go-ethereum" aka Geth to switch to version 1.10.8 which fixes a high-severity vulnerability.

This happened last year when services relying on the Ethereum network suffered from an outage and withdrawal errors, again resulting from a vulnerable go-ethereum client.

Chain splits occur when different Ethereum clients don't agree on what constitutes a valid transaction and what doesn't.

In Ethereum, a single "Canonical computer," also referred to as the Ethereum Virtual Machine maintains a common state or set of records that every node present on the Ethereum network agrees on.


News URL

https://www.bleepingcomputer.com/news/security/ethereum-urges-go-devs-to-fix-severe-chain-split-vulnerability/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-08-24 CVE-2021-39137 Interpretation Conflict vulnerability in Ethereum GO Ethereum
go-ethereum is the official Go implementation of the Ethereum protocol.
network
low complexity
ethereum CWE-436
7.5
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ethereum 9 0 9 23 2 34