CVE-2020-26240
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ethereum | go-ethereum | < 1.9.24 | affected |
Weaknesses
- CWE-682: CWE-682: Incorrect Calculation
ADP Enrichment
CVE Program Container
Additional References
- https://blog.ethereum.org/2020/11/12/geth_security_release/
- https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p
- https://github.com/ethereum/go-ethereum/pull/21793
- https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0
References
- https://blog.ethereum.org/2020/11/12/geth_security_release/
- https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p
- https://github.com/ethereum/go-ethereum/pull/21793
- https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.