CVE-2021-39193

Name: CVE-2021-39193
Creator: NVD / NIST
Published: 2021-09-03T18:15:07.197+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 1.15%

Last modified Jun 17, 2026

CVE-2021-39193 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in `pallet-ethereum` can cause invalid transactions to be included in the Ethereum block state in `pallet-ethereum` due to not validating the input data size. EPSS estimates a 1.15% chance of exploitation in the next 30 days.

Description

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in `pallet-ethereum` can cause invalid transactions to be included in the Ethereum block state in `pallet-ethereum` due to not validating the input data size. Any invalid transactions included this way have no possibility to alter the internal Ethereum or Substrate state. The transaction will appear to have be included, but is of no effect as it is rejected by the EVM engine. The impact is further limited by Substrate extrinsic size constraints. A patch is available in commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26. There are no workarounds aside from applying the patch.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS Probability

1.15%

62.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Parity	Frontier	< 2021-09-03

References

https://github.com/paritytech/frontier/commit/0b962f218f0cdd796dadfe26c3f09e68f7861b26Patch, Third Party Advisory
https://github.com/paritytech/frontier/pull/465Patch, Third Party Advisory
https://github.com/paritytech/frontier/pull/465/commits/8a2b890a2fb477d5fedd0e4335b00623832849aePatch, Third Party Advisory
https://github.com/paritytech/frontier/security/advisories/GHSA-hw4v-5x4h-c3xmPatch, Third Party Advisory
https://github.com/paritytech/frontier/commit/0b962f218f0cdd796dadfe26c3f09e68f7861b26Patch, Third Party Advisory
https://github.com/paritytech/frontier/pull/465Patch, Third Party Advisory
https://github.com/paritytech/frontier/pull/465/commits/8a2b890a2fb477d5fedd0e4335b00623832849aePatch, Third Party Advisory
https://github.com/paritytech/frontier/security/advisories/GHSA-hw4v-5x4h-c3xmPatch, Third Party Advisory

Timeline

Published: Sep 3, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-39193?

How severe is CVE-2021-39193?

CVE-2021-39193 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 1.15% probability of exploitation in the next 30 days.

How do I fix CVE-2021-39193?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-39193?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST