CVE-2020-26240

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24
Configurations

Configuration 1 (hide)

cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:19

Type Values Removed Values Added
CVSS v2 : 5.0
v3 : 7.5
v2 : 5.0
v3 : 5.3
References () https://blog.ethereum.org/2020/11/12/geth_security_release/ - Vendor Advisory () https://blog.ethereum.org/2020/11/12/geth_security_release/ - Vendor Advisory
References () https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0 - Patch, Third Party Advisory () https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0 - Patch, Third Party Advisory
References () https://github.com/ethereum/go-ethereum/pull/21793 - Patch, Third Party Advisory () https://github.com/ethereum/go-ethereum/pull/21793 - Patch, Third Party Advisory
References () https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p - Third Party Advisory () https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p - Third Party Advisory

Information

Published : 2020-11-25 02:15

Updated : 2024-11-21 05:19


NVD link : CVE-2020-26240

Mitre link : CVE-2020-26240

CVE.ORG link : CVE-2020-26240


JSON object : View

Products Affected

ethereum

  • go_ethereum
CWE
CWE-682

Incorrect Calculation