CVE-2020-26240

MEDIUM

Geth <1.9.24 - Info Disclosure

Title source: llm

Description

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24

References (4)

[Vendor Advisory] https://blog.ethereum.org/2020/11/12/geth_security_release/

[Third Party Advisory] https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p

[Patch, Third Party Advisory] https://github.com/ethereum/go-ethereum/pull/21793

[Patch, Third Party Advisory] https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0

View Patch ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0039

EPSS Percentile 59.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-682

Status published

Products (2)

ethereum/go-ethereum 0 - 1.9.24Go

ethereum/go_ethereum < 1.9.24

Published Nov 25, 2020

Tracked Since Feb 18, 2026