Vulnerability in Ethereum Go-ethereum
CVE-2020-26240
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated earl…
EPSS: 0.016 (73.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N.
Affected products
- Ethereum Go-ethereum — versions < 1.9.24
- Ethereum Go_ethereum
Weakness classification (CWE)
Public proof-of-concept exploits
References
- security-advisories@github.com (x_refsource_MISC, Vendor Advisory)
- security-advisories@github.com (x_refsource_CONFIRM, Third Party Advisory)
- security-advisories@github.com (Patch, Third Party Advisory, x_refsource_MISC)
- security-advisories@github.com (Patch, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-26240?
- CVE-2020-26240 is a medium-severity vulnerability in Ethereum Go-ethereum, classified under Incorrect Calculation. CVSS score: 5.3/10. Published 2020-11-25.
- How severe is CVE-2020-26240?
- Medium severity. CVSS v3 base score is 5.3 out of 10.
- Is CVE-2020-26240 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.