GHSA-69v6-xc2j-r2jf

GitHub Security Advisory

Shallow copy bug in geth

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact
This is a Consensus vulnerability, which can be used to cause a chain-split where vulnerable nodes reject the canonical chain.

Geth’s pre-compiled `dataCopy` (at `0x00...04`) contract did a shallow copy on invocation. An attacker could deploy a contract that

- writes `X` to an EVM memory region `R`,
- calls `0x00...04` with `R` as an argument,
- overwrites `R` with `Y`,
- and finally invokes the `RETURNDATACOPY` opcode.

When this contract is invoked, a consensus-compliant node would push `X` on the EVM stack, whereas Geth would push `Y`.
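The divergence comes down to Go slice aliasing. The following is an added illustration, not code from go-ethereum or from the advisory: a toy model in which `identityShallow`, `identityDeep`, `runSequence` and the 64-byte memory layout are all hypothetical names and assumptions, replaying the four steps above against a byte slice.

```go
package main

import "fmt"

// identityShallow models the vulnerable behaviour (assumed simplification):
// the returned slice shares its backing array with the caller's memory.
func identityShallow(in []byte) []byte { return in }

// identityDeep models the corrected behaviour (assumed simplification):
// the output is an independent copy of the input bytes.
func identityDeep(in []byte) []byte {
	out := make([]byte, len(in))
	copy(out, in)
	return out
}

// runSequence replays the four steps from the advisory on a toy memory
// and returns the first byte a RETURNDATACOPY-style read would observe.
func runSequence(identity func([]byte) []byte, x, y byte) byte {
	mem := make([]byte, 64) // toy EVM memory (constructed for this example)
	r := mem[0:32]          // region R
	for i := range r {
		r[i] = x // step 1: write X to R
	}
	returnData := identity(r) // step 2: call the precompile with R as input
	for i := range r {
		r[i] = y // step 3: overwrite R with Y
	}
	dst := mem[32:64]
	copy(dst, returnData) // step 4: copy the return data back into memory
	return dst[0]
}

func main() {
	const x, y = 0xAA, 0xBB
	// Shallow: the return data aliases R, so the later write leaks through.
	fmt.Printf("shallow copy observes: %#x\n", runSequence(identityShallow, x, y))
	// Deep: the return data is frozen at call time, matching other clients.
	fmt.Printf("deep copy observes:    %#x\n", runSequence(identityDeep, x, y))
}
```

The same pattern is worth checking for in any Go code that returns an input slice across a trust or state boundary: the caller can still mutate what the callee handed back.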

### Patches

No standalone patches have been made.

### Workarounds

Upgrade to `1.9.17` or higher.

### References

https://blog.ethereum.org/2020/11/12/geth_security_release/

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [go-ethereum](https://github.com/ethereum/go-ethereum)
* Email us at [[email protected]](mailto:[email protected])

Affected Packages

Go github.com/ethereum/go-ethereum
Affected versions: 1.9.7 (fixed in 1.9.17)

Key Information

GHSA ID
GHSA-69v6-xc2j-r2jf
Published
June 29, 2021 9:13 PM
Last Modified
January 30, 2025 2:37 PM
CVSS Score
5.0 /10
Primary Ecosystem
Go
Primary Package
github.com/ethereum/go-ethereum
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 13, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.