CVE-2020-26240

Sažetak

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24

Reference

https://blog.ethereum.org/2020/11/12/geth_security_release/
https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0
https://github.com/ethereum/go-ethereum/pull/21793
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

03-12-2020 - 15:16

Objavljeno

25-11-2020 - 02:15