{"id":"GHSA-jm5c-rv3w-w83m","summary":"Denial of service in geth","details":"### Impact\nDenial-of-service (crash) during block processing\n\n### Details\n\nAffected versions suffer from a vulnerability which can be exploited through the `MULMOD` operation, by specifying a modulo of `0`: `mulmod(a,b,0)`, causing a `panic` in the underlying library. \nThe crash was in the `uint256` library, where a buffer [underflowed](https://github.com/holiman/uint256/blob/4ce82e695c10ddad57215bdbeafb68b8c5df2c30/uint256.go#L442).\n\n\tif `d == 0`, `dLen` remains `0`\n\nand https://github.com/holiman/uint256/blob/4ce82e695c10ddad57215bdbeafb68b8c5df2c30/uint256.go#L451 will try to access index `[-1]`.\n\nThe `uint256` library was first merged in this [commit](https://github.com/ethereum/go-ethereum/commit/cf6674539c589f80031f3371a71c6a80addbe454), on 2020-06-08. \nExploiting this vulnerabilty would cause all vulnerable nodes to drop off the network. \n\nThe issue was brought to our attention through a [bug report](https://github.com/ethereum/go-ethereum/issues/21367), showing a `panic` occurring on sync from genesis on the Ropsten network.\n \nIt was estimated that the least obvious way to fix this would be to merge the fix into `uint256`, make a new release of that library and then update the geth-dependency.\n\n- https://github.com/holiman/uint256/releases/tag/v1.1.1 was made the same day, \n- PR to address the issue: https://github.com/holiman/uint256/pull/80 \n- PR to update geth deps: https://github.com/ethereum/go-ethereum/pull/21368 \n\n\n\n### Patches\n\nUpgrade to v1.9.18 or higher\n\n### Workarounds\n\nNot at this time\n\n### References\n\nhttps://blog.ethereum.org/2020/11/12/geth_security_release/\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [go-ethereum](https://github.com/ethereum/go-ethereum)\n* Email us at [security@ethereum.org](mailto:security@ethereum.org)\n","aliases":["CVE-2020-26242","GO-2021-0103"],"modified":"2026-03-10T23:31:18.543590873Z","published":"2021-06-29T21:13:20Z","database_specific":{"cwe_ids":["CWE-125","CWE-191","CWE-400"],"github_reviewed_at":"2021-05-21T21:50:44Z","severity":"MODERATE","nvd_published_at":null,"github_reviewed":true},"references":[{"type":"WEB","url":"https://github.com/ethereum/go-ethereum/security/advisories/GHSA-jm5c-rv3w-w83m"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26242"},{"type":"WEB","url":"https://github.com/holiman/uint256/pull/80"},{"type":"WEB","url":"https://github.com/ethereum/go-ethereum/commit/7163a6664ee664df81b9028ab3ba13b9d65a7196"},{"type":"WEB","url":"https://github.com/holiman/uint256/commit/6785da6e3eea403260a5760029e722aa4ff1716d"},{"type":"WEB","url":"https://blog.ethereum.org/2020/11/12/geth_security_release"},{"type":"PACKAGE","url":"https://github.com/ethereum/go-ethereum"},{"type":"WEB","url":"https://pkg.go.dev/vuln/GO-2021-0103"}],"affected":[{"package":{"name":"github.com/ethereum/go-ethereum","ecosystem":"Go","purl":"pkg:golang/github.com/ethereum/go-ethereum"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.9.16"},{"fixed":"1.9.18"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-jm5c-rv3w-w83m/GHSA-jm5c-rv3w-w83m.json"}},{"package":{"name":"github.com/holiman/uint256","ecosystem":"Go","purl":"pkg:golang/github.com/holiman/uint256"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.1.0"},{"fixed":"1.1.1"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-jm5c-rv3w-w83m/GHSA-jm5c-rv3w-w83m.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}