CVE-2020-26240

Опубликовано: 25 нояб. 2020

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24

Ссылки

https://blog.ethereum.org/2020/11/12/geth_security_release/
Vendor Advisory
https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0
Patch
Third Party Advisory
https://github.com/ethereum/go-ethereum/pull/21793
Patch
Third Party Advisory
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p
Third Party Advisory
https://blog.ethereum.org/2020/11/12/geth_security_release/
Vendor Advisory
https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0
Patch
Third Party Advisory
https://github.com/ethereum/go-ethereum/pull/21793
Patch
Third Party Advisory
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*

Версия до 1.9.24 (исключая)

EPSS

Процентиль: 59%

0.00386

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-682

Связанные уязвимости

CVE-2020-26240

CVSS3: 5.3

debian

около 5 лет назад

Go Ethereum, or "Geth", is the official Golang implementation of the E ...

GHSA-v592-xf75-856p

CVSS3: 5.3

github

больше 4 лет назад

Erroneous Proof of Work calculation in geth

EPSS

Процентиль: 59%

0.00386

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-682