7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
42.9%
An ethash mining DAG generation flaw in Geth could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected.
github.com/ethereum/go-ethereum/consensus
This issue is also fixed as of 1.9.24. Thanks to @slavikus for bringing the issue to our attention and writing the fix.
If you have any questions or comments about this advisory:
CPE | Name | Operator | Version |
---|---|---|---|
github.com/ethereum/go-ethereum | lt | 1.9.24 |
blog.ethereum.org/2020/11/12/geth_security_release/
github.com/advisories/GHSA-v592-xf75-856p
github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0
github.com/ethereum/go-ethereum/pull/21793
github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p
nvd.nist.gov/vuln/detail/CVE-2020-26240
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
42.9%