Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24
References
Link | Resource |
---|---|
https://blog.ethereum.org/2020/11/12/geth_security_release/ | Vendor Advisory |
https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0 | Patch Third Party Advisory |
https://github.com/ethereum/go-ethereum/pull/21793 | Patch Third Party Advisory |
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-11-25 02:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-26240
Mitre link : CVE-2020-26240
CVE.ORG link : CVE-2020-26240
JSON object : View
Products Affected
ethereum
- go_ethereum
CWE
CWE-682
Incorrect Calculation