CVE-2020-26240
MEDIUMGo Ethereum < 1.9.24 - Incorrect Calculation in Ethash Mining DAG Generation
Title source: llmDescription
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://blog.ethereum.org/2020/11/12/geth_security_release/
Third Party Advisory x_refsource_confirm
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p
Patch, Third Party Advisory x_refsource_misc
https://github.com/ethereum/go-ethereum/pull/21793
Patch, Third Party Advisory x_refsource_misc
https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0
Scores
CVSS v3
5.3
EPSS
0.0164
EPSS Percentile
73.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-682
Status
published
Products (2)
ethereum/go-ethereum
0 - 1.9.24Go
ethereum/go_ethereum
< 1.9.24
Published
Nov 25, 2020
Tracked Since
Feb 18, 2026