Moderate severityNVD Advisory· Published Nov 25, 2020· Updated Aug 4, 2024
Erroneous Proof of Work calculation in geth
CVE-2020-26240
Description
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/ethereum/go-ethereumGo | < 1.9.24 | 1.9.24 |
Affected products
3- ghsa-coords2 versionspkg:golang/github.com/ethereum/go-ethereumpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
< 1.9.24+ 1 more
- (no CPE)range: < 1.9.24
- (no CPE)range: < 0.0.20250807T150727-1.1
- Range: < 1.9.24
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-v592-xf75-856pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-26240ghsaADVISORY
- blog.ethereum.org/2020/11/12/geth_security_releaseghsaWEB
- blog.ethereum.org/2020/11/12/geth_security_release/mitrex_refsource_MISC
- github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0ghsax_refsource_MISCWEB
- github.com/ethereum/go-ethereum/pull/21793ghsax_refsource_MISCWEB
- github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856pghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.