Main Vulnerability Database SB2020112447

SB2020112447 - Buffer overflow in go-ethereum

Published: November 24, 2020 Updated: April 27, 2026

Security Bulletin ID SB2020112447

CSH Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Buffer overflow (CVE-ID: CVE-2020-26241)

The vulnerability allows a remote attacker to cause a chain split where vulnerable nodes reject the canonical chain.

The vulnerability exists due to memory corruption in the dataCopy precompile when processing crafted contract execution involving RETURNDATACOPY. A remote attacker can deploy a specially crafted contract to cause a chain split where vulnerable nodes reject the canonical chain.

The issue arises because the precompile performs a shallow copy on invocation, which can cause divergent EVM results compared to consensus-compliant nodes.

Remediation

Install update from vendor's website.

SB2020112447 - Buffer overflow in go-ethereum

Breakdown by Severity

Description

Remediation

References

Please verify you're human