GHSA-v592-xf75-856p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v592-xf75-856p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-v592-xf75-856p/GHSA-v592-xf75-856p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-v592-xf75-856p
- Aliases
- Related
- Published
- 2021-06-29T21:12:56Z
- Modified
- 2024-08-21T15:58:55.298721Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Erroneous Proof of Work calculation in geth
- Details
-
Impact
An ethash mining DAG generation flaw in Geth could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected.
Specific Go Packages Affected
github.com/ethereum/go-ethereum/consensus
Patches
This issue is also fixed as of 1.9.24. Thanks to @slavikus for bringing the issue to our attention and writing the fix.
For more information
If you have any questions or comments about this advisory: * Open an issue in go-ethereum * Email us at security@ethereum.org
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-682" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-05-21T21:52:58Z" }- References
-
- https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p
- https://nvd.nist.gov/vuln/detail/CVE-2020-26240
- https://github.com/ethereum/go-ethereum/pull/21793
- https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0
- https://blog.ethereum.org/2020/11/12/geth_security_release
Affected packages
Go / github.com/ethereum/go-ethereum
Package
- Name
- github.com/ethereum/go-ethereum
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/ethereum/go-ethereum