7.5
CVE-2020-26240
- EPSS 1.64%
- Veröffentlicht 25.11.2020 02:15:10
- Zuletzt bearbeitet 21.11.2024 05:19:37
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginErroneous Proof of Work calculation in geth
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ethereum ≫ Go Ethereum Version < 1.9.24
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.64% | 0.733 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
| security-advisories@github.com | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
|
CWE-682 Incorrect Calculation
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
https://blog.ethereum.org/2020/11/12/geth_security_release/
https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0
https://github.com/ethereum/go-ethereum/pull/21793
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p