CVE-2021-39137: Ethereum Contains Consensus Flaw During Block Processing
CVSS Score: 6.5 (CVSS 3.1)
Basic Information
CVE ID: CVE-2021-39137
GHSA ID
EPSS Score: 0.53628%
CWE
Published: 8/30/2021
Updated: 8/29/2023
KEV Status: No
Technology: Go
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
github.com/ethereum/go-ethereum | go | >= 1.10.0, < 1.10.8 | 1.10.8 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from improper handling of return data buffers in EVM call operations. The patch adds explicit data copying (`common.CopyBytes`) in four call-handling functions in `instructions.go` and modifies return data handling in `interpreter.go`. These changes directly address memory corruption by preventing shared buffer reuse. The Go vulnerability report (`GO-2022-0254`) explicitly lists these EVM methods as affected symbols, and the commit diff shows the precise locations where memory safety was enforced.
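The shared-buffer problem described above, as an added example that is not go-ethereum's code and not part of the original page: a simplified model in which return data that aliases call memory changes after a later write, and stays stable once it is copied first. The `memory` type, `runCall` and the local `copyBytes` helper are hypothetical names; `copyBytes` only imitates the intent of `common.CopyBytes`.

```go
package main

import (
	"bytes"
	"fmt"
)

// memory is a toy stand-in for a call frame's memory (hypothetical, not geth's type).
type memory struct{ store []byte }

// view returns a slice that shares the backing array with store: no copy is made.
func (m *memory) view(off, size int) []byte { return m.store[off : off+size] }

// set overwrites a region, as a later operation on the same memory would.
func (m *memory) set(off int, val []byte) { copy(m.store[off:], val) }

// copyBytes returns the same bytes in a fresh backing array (local helper).
func copyBytes(b []byte) []byte {
	out := make([]byte, len(b))
	copy(out, b)
	return out
}

// runCall keeps a call result as "return data", then overwrites part of the
// memory it came from. With safe=true the result is copied before it is kept.
func runCall(safe bool) (returnData, expected []byte) {
	mem := &memory{store: make([]byte, 8)}
	expected = []byte{0xAA, 0xBB, 0xCC, 0xDD} // constructed sample bytes
	mem.set(0, expected)
	ret := mem.view(0, 4)
	if safe {
		ret = copyBytes(ret)
	}
	mem.set(2, []byte{0x00, 0x00}) // later write overlapping the same region
	return ret, expected
}

func main() {
	for _, safe := range []bool{false, true} {
		got, want := runCall(safe)
		fmt.Printf("copy=%v returnData=%x intact=%v\n", safe, got, bytes.Equal(got, want))
	}
}
```

When reviewing Go code for the same class of defect, look for slices returned from or stored out of a reusable buffer without a copy.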