Vulnerability Details CVE-2020-26265
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.5%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 3.5
References
Products affected by CVE-2020-26265
-
cpe:2.3:a:ethereum:go_ethereum:1.9.10
-
cpe:2.3:a:ethereum:go_ethereum:1.9.11
-
cpe:2.3:a:ethereum:go_ethereum:1.9.12
-
cpe:2.3:a:ethereum:go_ethereum:1.9.13
-
cpe:2.3:a:ethereum:go_ethereum:1.9.14
-
cpe:2.3:a:ethereum:go_ethereum:1.9.15
-
cpe:2.3:a:ethereum:go_ethereum:1.9.16
-
cpe:2.3:a:ethereum:go_ethereum:1.9.17
-
cpe:2.3:a:ethereum:go_ethereum:1.9.18
-
cpe:2.3:a:ethereum:go_ethereum:1.9.19
-
cpe:2.3:a:ethereum:go_ethereum:1.9.4
-
cpe:2.3:a:ethereum:go_ethereum:1.9.5
-
cpe:2.3:a:ethereum:go_ethereum:1.9.6
-
cpe:2.3:a:ethereum:go_ethereum:1.9.7
-
cpe:2.3:a:ethereum:go_ethereum:1.9.8
-
cpe:2.3:a:ethereum:go_ethereum:1.9.9