Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Shallow copy bug in geth
Vulnerability Description
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that writes X to an EVM memory region R, then calls 0x00..04 with R as an argument, then overwrites R to Y, and finally invokes the RETURNDATACOPY opcode. When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y. This is fixed in version 1.9.17.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
数值计算不正确
Vulnerability Title
Ethereum Go-ethereum 安全漏洞
Vulnerability Description
Ethereum Go-ethereum是Ethereum社区的一个用Go语言实现以太坊协议的代码库。 Ethereum Go-ethereum 1.9.18 之前版本存在安全漏洞,攻击者可利用该漏洞可以部署一个契约,将X写入EVM内存区域R,然后调用0x00..将R作为参数,然后将R重写为Y,最后调用RETURNDATACOPY操作码。
CVSS Information
N/A
Vulnerability Type
N/A