Vulnerability Description
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners; non-mining nodes are unaffected. This issue is fixed as of 1.9.24.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ethereum | Go Ethereum | < 1.9.24 |
References
- https://blog.ethereum.org/2020/11/12/geth_security_release/ (Vendor Advisory)
- https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e793567543 (Patch, Third Party Advisory)
- https://github.com/ethereum/go-ethereum/pull/21793 (Patch, Third Party Advisory)
- https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p (Third Party Advisory)
FAQ
What is CVE-2020-26240?
CVE-2020-26240 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate P...
How severe is CVE-2020-26240?
CVE-2020-26240 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-26240?
Check the references section above for vendor advisories and patch information. Affected products include: Ethereum Go Ethereum.