Interpretation Conflict

CVE-2021-39137

High

7.5/10

Summary

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-436 - Interpretation Conflict

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

References

Advisory
Advisory
Release Note
Pull request

Advisory Timeline

Published Aug 24, 2021

Interpretation Conflict

CVE-2021-39137

Summary

CWE-436 - Interpretation Conflict

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS