6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-26241

GHSA ID

GHSA-69v6-xc2j-r2jf

EPSS Score

0.4348%

CWE

CWE-682

Published

6/29/2021

Updated

1/30/2025

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-26241

CVE-2020-26241:
Shallow copy bug in geth

Impact

This is a Consensus vulnerability, which can be used to cause a chain-split where vulnerable nodes reject the canonical chain.

Geth’s pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that

writes X to an EVM memory region R,
calls 0x00..04 with R as an argument,
overwrites R to Y,
and finally invokes the RETURNDATACOPY opcode.

When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y.

Patches

No standalone patches have been made.

Workarounds

Upgrade to 1.9.17 or higher.

References

https://blog.ethereum.org/2020/11/12/geth_security_release/

For more information

If you have any questions or comments about this advisory:

Open an issue in go-ethereum
Email us at security@ethereum.org

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-26241

GHSA ID

GHSA-69v6-xc2j-r2jf

EPSS Score

0.4348%

CWE

CWE-682

Published

6/29/2021

Updated

1/30/2025

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/ethereum/go-ethereum	go	>= 1.9.7, < 1.9.17	1.9.17

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the dataCopy precompile (0x00..04) performing a shallow copy of its input. The dataCopy.Run function in core/vm/contracts.go returns the input slice directly, creating a reference to the original EVM memory. When this memory is later overwritten (as described in the attack scenario), the return data becomes corrupted. The RunPrecompiledContract function in the same file exacerbated this by not making a defensive copy of the precompile's output before returning it. The combination of these two factors allowed memory aliasing to create consensus-critical discrepancies. The commit patched this by modifying gas handling and return data management patterns, though the direct fix for the shallow copy would require changes to dataCopy.Run or its consumers.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t T*is is * *ons*nsus vuln*r**ility, w*i** **n ** us** to **us* * ***in-split w**r* vuln*r**l* no**s r*j**t t** **noni**l ***in. **t*’s pr*-*ompil** `**t**opy` (*t `*x**...**`) *ontr**t *i* * s**llow *opy on invo**tion. *n *tt**k*r *oul* *

Reasoning

T** vuln*r**ility st*ms *rom t** `**t**opy` pr**ompil* (*x**..**) p*r*ormin* * s**llow *opy o* its input. T** `**t**opy.Run` *un*tion in `*or*/vm/*ontr**ts.*o` r*turns t** input sli** *ir**tly, *r**tin* * r***r*n** to t** ori*in*l *VM m*mory. W**n t*

6.5

Basic Information

Concerned about an active attack path?

CVE-2020-26241: Shallow copy bug in geth

Impact

Patches

Workarounds

References

For more information

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2020-26241:
Shallow copy bug in geth

Vulnerability Intelligence
Miggo AI