CVE-2020-26240

{"id": "CVE-2020-26240", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2020-11-25T02:15:10.923", "references": [{"url": "https://blog.ethereum.org/2020/11/12/geth_security_release/", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ethereum/go-ethereum/pull/21793", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-682"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-682"}]}], "descriptions": [{"lang": "en", "value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24"}, {"lang": "es", "value": "Go Ethereum, o \"Geth\", es la implementaci\u00f3n oficial de Golang del protocolo Ethereum. Un fallo de generaci\u00f3n DAG de miner\u00eda ethash en Geth versiones anteriores a 1.9.24, podr\u00eda causar a unos mineros calcular err\u00f3neamente PoW en una \u00e9poca pr\u00f3xima (estimada a principios de enero de 2021). Esto sucedi\u00f3 en la cadena ETC el 06-11-2020. Este problema es relevante solo para mineros, los nodos que no son mineros no est\u00e1n afectados. Este problema es corregido desde la versi\u00f3n 1.9.24"}], "lastModified": "2020-12-03T15:16:13.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FD25FC5-2D0F-41D2-BE6E-34EF9AFA0A08", "versionEndExcluding": "1.9.24"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}