CVE-2020-26240: Erroneous Proof of Work calculation in geth
(updated )
An ethash mining DAG generation flaw in Geth could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected.
References
- blog.ethereum.org/2020/11/12/geth_security_release
- github.com/advisories/GHSA-v592-xf75-856p
- github.com/ethereum/go-ethereum
- github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0
- github.com/ethereum/go-ethereum/pull/21793
- github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p
- nvd.nist.gov/vuln/detail/CVE-2020-26240
Detect and mitigate CVE-2020-26240 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →