A consensus-vulnerability in Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain.
A DoS vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client.
Denial-of-service (crash) during block processing.
This is a Consensus vulnerability, which can be used to cause a chain-split where vulnerable nodes reject the canonical chain.
An ethash mining DAG generation flaw in Geth could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected.
The bug has been referenced in the following commit(s):
Author: Sam James <firstname.lastname@example.org>
AuthorDate: 2021-03-05 17:56:31 +0000
Commit: Sam James <email@example.com>
CommitDate: 2021-03-05 17:57:16 +0000
net-p2p/go-ethereum: (security) bump to 1.10.0
Signed-off-by: Sam James <firstname.lastname@example.org>
net-p2p/go-ethereum/Manifest | 492 ++++++++++++++++++
net-p2p/go-ethereum/go-ethereum-1.10.0.ebuild | 720 ++++++++++++++++++++++++++
2 files changed, 1212 insertions(+)
Tree clean, all done!