CVE-2020-26240Incorrect Calculation in Go-ethereum

CWE-682Incorrect Calculation5 documents4 sources
Severity
7.5HIGHNVD
CNA5.3
EPSS
0.4%
top 40.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Ethereum Go-ethereumGithub.com Ethereum Go-ethereumEthereum GO Ethereum
Timeline
PublishedNov 25
Latest updateAug 21

Description

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5ethereum/go-ethereum< 1.9.24
NVDethereum/go_ethereum< 1.9.24

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
Erroneous Proof of Work calculation in geth in github.com/ethereum/go-ethereum2024-08-21
OSV
Erroneous Proof of Work calculation in geth2021-06-29
GHSA
Erroneous Proof of Work calculation in geth2021-06-29
CVEList
Erroneous Proof of Work calculation in geth2020-11-25
CVE-2020-26240 — Incorrect Calculation in Go-ethereum | cvebase