CVE-2020-26240 MEDIUM

CVE-2020-26240: Erroneous Proof of Work calculation in geth

Vendor Ethereum
Product go-ethereum
Weakness CWE-682
Published November 25, 2020
Last update August 4, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24

Key dates

02Disclosure timeline

November 25, 2020 CVE published
August 4, 2024 Record updated