Vulnerability Details CVE-2021-39137
go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.6%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 5.0
References
Products affected by CVE-2021-39137
-
cpe:2.3:a:ethereum:go_ethereum:1.10.0
-
cpe:2.3:a:ethereum:go_ethereum:1.10.1
-
cpe:2.3:a:ethereum:go_ethereum:1.10.2
-
cpe:2.3:a:ethereum:go_ethereum:1.10.3
-
cpe:2.3:a:ethereum:go_ethereum:1.10.4
-
cpe:2.3:a:ethereum:go_ethereum:1.10.5
-
cpe:2.3:a:ethereum:go_ethereum:1.10.6
-
cpe:2.3:a:ethereum:go_ethereum:1.10.7