CVE-2020-26240
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Erroneous Proof of Work calculation in geth in github.com/ethereum/go-ethereum
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/ethereum/go-ethereum | <1.9.24 | 1.9.24 |
References
- https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p
- https://nvd.nist.gov/vuln/detail/CVE-2020-26240
- https://github.com/ethereum/go-ethereum/pull/21793
- https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0
- https://blog.ethereum.org/2020/11/12/geth_security_release
- https://github.com/ethereum/go-ethereum
Verify integrity in audit chain (admin only). AS-IS.