CVE-2020-26240

EPSS 0.39%
Veröffentlicht 25.11.2020 02:15:10
Zuletzt bearbeitet 21.11.2024 05:19:37
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ethereum ≫ Go Ethereum Version < 1.9.24

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.591

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
security-advisories@github.com	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

https://blog.ethereum.org/2020/11/12/geth_security_release/

Vendor Advisory

https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0

Patch

Third Party Advisory

https://github.com/ethereum/go-ethereum/pull/21793

Patch

Third Party Advisory

https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-26240

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-26240

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-26240

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-26240