Main Vulnerability Database SB2021082435

SB2021082435 - Buffer overflow in go-ethereum

Published: August 24, 2021 Updated: April 27, 2026

Security Bulletin ID SB2021082435

CSH Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Buffer overflow (CVE-ID: CVE-2021-39137)

The vulnerability allows a remote attacker to cause a consensus error.

The vulnerability exists due to memory corruption in the Geth EVM when processing a maliciously crafted transaction. A remote attacker can send a maliciously crafted transaction to cause a consensus error.

Successful exploitation can cause vulnerable nodes to compute a different stateRoot and reject the canonical chain, potentially splitting the chain into two forks.

Remediation

Install update from vendor's website.

References

https://github.com/ethereum/go-ethereum/security/advisories/GHSA-9856-9gg9-qcmq
https://github.com/advisories/GHSA-9856-9gg9-qcmq