Vulnerability in Ethereum Go-ethereum

CVE-2020-26240

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated earl…

EPSS: 0.016 (73.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2020-26240?
CVE-2020-26240 is a medium-severity vulnerability in Ethereum Go-ethereum, classified under Incorrect Calculation. CVSS score: 5.3/10. Published 2020-11-25.
How severe is CVE-2020-26240?
Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2020-26240 known to be exploited?
3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.