CVE-2020-26240 Information

Jun 07, 2022 cve

Description

Go Ethereum or \Geth\ is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners non-mining nodes are unaffected. This issue is fixed as of 1.9.24

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p https://github.com/ethereum/go-ethereum/pull/21793 https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0 https://blog.ethereum.org/2020/11/12/geth_security_release/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

7.5

Share on: