PT-2020-16370 · Ethereum · Geth

Holiman · Published 2020-11-25 · Updated 2021-07-28 · CVE-2020-26242

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Geth versions prior to 1.9.18

Description: The issue is a denial of service (crash) during block processing, which can be exploited through the MULMOD operation by specifying a modulo of 0, i.e. mulmod(a,b,0), causing a panic in the underlying library. This occurs because of improper bounds checking in certain mathematical operations, potentially allowing a denial-of-service attack when untrusted user inputs are processed. The vulnerability can cause all vulnerable nodes to drop off the network.

Recommendations: For versions prior to 1.9.18, upgrade to v1.9.18 or higher to resolve the issue. As a temporary workaround, consider restricting the use of the MULMOD operation with a modulo of 0 to minimize the risk of exploitation.
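The defect class described above, as an added Go illustration that is not Geth's own code: a MULMOD that forwards the modulus straight to the big-integer library panics on a zero modulus (Go's (*big.Int).Mod panics with "division by zero"), while an implementation following the EVM definition returns 0 for that case. Function names are hypothetical.

```go
package main

import (
	"fmt"
	"math/big"
)

// naiveMulMod mirrors the defect in the advisory: the operand-supplied
// modulus reaches the arithmetic library unchecked, so mulmod(a,b,0)
// panics and the panic takes down the node processing the block.
func naiveMulMod(a, b, m *big.Int) *big.Int {
	prod := new(big.Int).Mul(a, b) // full-precision product, as EVM requires
	return prod.Mod(prod, m)       // panics when m == 0
}

// evmMulMod implements the EVM MULMOD semantics: a zero modulus yields 0
// by definition; otherwise (a*b) mod m is computed over the full product,
// never over a product truncated to 256 bits.
func evmMulMod(a, b, m *big.Int) *big.Int {
	if m.Sign() == 0 {
		return new(big.Int)
	}
	prod := new(big.Int).Mul(a, b)
	return prod.Mod(prod, m) // 0 <= result < m, so it always fits a word
}

// safeCall runs f and reports whether it panicked, so both variants can be
// compared on the same operands without crashing the caller.
func safeCall(f func() *big.Int) (res *big.Int, panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
		}
	}()
	return f(), false
}

func main() {
	a, b, zero := big.NewInt(7), big.NewInt(9), new(big.Int)
	_, p := safeCall(func() *big.Int { return naiveMulMod(a, b, zero) })
	fmt.Println("naive mulmod(7,9,0) panicked:", p)
	fmt.Println("evm   mulmod(7,9,0)  =", evmMulMod(a, b, zero))
	fmt.Println("evm   mulmod(7,9,10) =", evmMulMod(a, b, big.NewInt(10)))
}
```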

Fix

Weakness Enumeration

Out of bounds Read
Integer Underflow
Resource Exhaustion

Related Identifiers

CVE-2020-26242
GHSA-JM5C-RV3W-W83M
GO-2021-0103

Affected Products

Geth