Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
Crypto Flexs
Home»ETHEREUM NEWS»Geth Security Release | Ethereum Foundation Blog
ETHEREUM NEWS

Geth Security Release | Ethereum Foundation Blog

By Crypto FlexsJanuary 26, 20241 Min Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Geth Security Release |  Ethereum Foundation Blog
Share
Facebook Twitter LinkedIn Pinterest Email

summary

version Guess Built in Go <1.15.5 or <1.14.12 You are likely to be affected by serious DoS-related security vulnerabilities. The golang team has registered this flaw as ‘CVE-2020-28362’.

We recommend a rebuild to all users (ideally v1.9.24) with Go 1.15.5 or 1.14.12, prevent node collisions. or if you are running a binary distributed through one of the official channels; v1.9.24 We are made with Go 1.15.5.

Your Docker image is likely out of date due to missing base images, but you can check the release notes on how to build it temporarily using Go. 1.15.5. Please run geth version Check which version of Go the binary was built with.

background

In early October, Gothereum was registered on Google. OSS-Fuzz program. We’ve previously run the fuzzer on an ad-hoc basis and tested a few different platforms.

On October 24, 2020, we received notification that one of our fuzzers had discovered a conflict.

Investigation revealed that the root cause of the issue was a bug in the Go standard library, and the issue was reported upstream.

Special thanks Adam Korzinski This is the work of Ada Logics, who first integrated Go-ethereum into OSS-Fuzz!

effect

DoS issues can be used to crash all Geth nodes during block processing, resulting in major parts of the Ethereum network going offline.

Outside of Go-Ethereum, this issue is likely to be relevant to any fork of Geth (e.g. TurboGeth or ETC’s core-geth). For broader context, I’ll refer to upstream, as the Go team has conducted research on potentially affected parties.

timeline

  • 2020-10-24: Crash report from OSS-fuzz
  • 2020-10-25: Investigation revealed that this was caused by a flaw in Go. Details have been sent to: security@golang.org
  • 2020-10-26: Approved from upstream, investigation in progress
  • 2020-10-26 — 2020-11-06: Potential fixes discussed, upstream investigation for potentially affected parties.
  • 2020-11-06: Fix release tentatively scheduled for upstream on 2020-11-12
  • 2020-11-09: Upstream pre-announced a security release. https://groups.google.com/g/golang-announce/c/kMa3eup0qhU/m/O5RSMHO_CAAJ
  • 2020-11-11: Official Geth Twitter informed users about the upcoming release. accountOfficial Discord Channel and reddit.
  • 2020-11-12: A new Go version has been released. Guess Binaries have been released

Additional issues

mining glitch

Another security issue came to our attention through: this promotionContains fixes to the ethash algorithm.

A mining flaw may cause miners to miscalculate PoW in the upcoming epoch. This happened on the ETC chain on 2020-11-06. This appears to be a problem for the ETH mainnet around the block. 11550000 /era 385This will occur in early January 2021.

This issue has now been resolved. 1.9.24. This issue only affects miners; non-mining nodes are not affected.

Geth shallow copy bug

affected: 1.9.7 – 1.9.16

determined: 1.9.17

Type: Consensus Vulnerability

2020-07-15 Researcher Youngseok Yang (Software Platform Lab) reported a consensus vulnerability in Geth.

Precompilation of Geth Copy data (0x00…04) Contract performed a shallow copy when called, while Parity performed a deep copy. An attacker could deploy a contract like this:

  • write X To EVM memory area R,
  • phone call 0x00..04 with R By argument,
  • overwrite R to why,
  • And finally Copy of return data opcode.
  • When this contract is called, Parity pushes. X It’s in the EVM stack, whereas Geth pushes it. why.

result

This was exploited in a block on the Ethereum mainnet. 11234873transaction 0x57f7f9. node Up to 30 blocks were lost from the sidechain due to deletion from the network. Additionally, Infura has been discontinued, causing problems for many people and services that rely on Infura as their backend provider.

More context can be found here: Geth post mortem and He steals after death. and here.

DoS .16 and .17

affected: v1.9.16,v1.9.17

determined: v1.9.18

Type: DoS vulnerability during block processing

A DoS vulnerability was discovered and fixed. v1.9.18. We have decided not to disclose any details at this time.

Recommendation

In the short term, we recommend that all users upgrade to: Guess version v1.9.24 (Must be built in Go 1.15.5) immediately. You can find the official release here here.

If you use Geth through Docker, you may encounter some issues. if you use Ethereum/Client MovementThere are two things you need to know:

  1. It may take some time for new images to appear in Docker Hub.
  2. Unless the Go base image is generated quickly enough, vulnerable Go version.

If you are building a Docker image yourself (via) Docker build. The second issue (in the repository root) can also cause the problem.

So be careful to make sure Go happens. 1.15.5 Used as the default image.

In the long term, we recommend that users and miners also look for alternative clients. It is our strong feeling that the resiliency of the Ethereum network should not depend on a single client implementation. there is besut, nethermind, Open Ethereum and turbo get And there are other things to choose from as well.

Please report security vulnerabilities via: https://bounty.ethereum.orgor via bounty@ethereum.org or through security@ethereum.org.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Bitcoin is more than $ 104K as the merchant’s eyes move from H2 to $ 145,000.

June 20, 2025

Can Etherrium price return to $ 4,000? Analysts say that ETH should go beyond this support.

June 16, 2025

Bank of America’s eyes among the Senate’s fast tracking genius acts

June 12, 2025
Add A Comment

Comments are closed.

Recent Posts

XRP Falls 7% Due To Lawsuit, CryptoMiningFirm Helps You Make $81,350 A Day And Avoid The Turbulence Of The Cryptocurrency Market

June 21, 2025

HyperLend Protocol Thanksgiving Summary -Ackee Blockchain

June 21, 2025

Byreal Launches With Strategic Support From Bybit On Solana

June 21, 2025

Currently the most searched Cryptocurrencies: The reason why this coin is attracting investors’ attention

June 21, 2025

Litecoin Key Support in Focus Price Eye Brake Out Determination

June 20, 2025

TUIMAX Secures U.S. MSB License To Build A Globally Trusted Trading Platform

June 20, 2025

Flipster And Aptos Foundation Partner To Drive Stablecoin Adoption And Unlock Multichain Opportunities

June 20, 2025

Pioneering Web3 Innovation With Rewards And Global Events

June 20, 2025

Bitcoin is more than $ 104K as the merchant’s eyes move from H2 to $ 145,000.

June 20, 2025

Gala Games improves leader board rewards and introduces preference systems.

June 20, 2025

Low volatility, Bitcoin is traded near $ 105K. Analysts provide a mixed view.

June 20, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

XRP Falls 7% Due To Lawsuit, CryptoMiningFirm Helps You Make $81,350 A Day And Avoid The Turbulence Of The Cryptocurrency Market

June 21, 2025

HyperLend Protocol Thanksgiving Summary -Ackee Blockchain

June 21, 2025

Byreal Launches With Strategic Support From Bybit On Solana

June 21, 2025
Most Popular

How low can the Bitcoin price go?

August 1, 2024

Crypto Gains highlights that it is selling quickly, with dog-themed presales reaching close to $12 million.

April 28, 2024

Polkadot Rollup, Hyperbridge Expands Initial Relayer Offerings After Sale of Over 52 Million Tokens

January 17, 2025
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.