CVE-2020-26240: Incorrect Calculation

June 29, 2021

Go Ethereum, or “Geth”, is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24

References

github.com/advisories/GHSA-v592-xf75-856p
github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0
github.com/ethereum/go-ethereum/pull/21793
github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p
nvd.nist.gov/vuln/detail/CVE-2020-26240

Code Behaviors & Features

Detect and mitigate CVE-2020-26240 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →