Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
Crypto Flexs
Home»ETHEREUM NEWS»Geth Security Release | Ethereum Foundation Blog
ETHEREUM NEWS

Geth Security Release | Ethereum Foundation Blog

By Crypto FlexsJanuary 26, 20241 Min Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Geth Security Release |  Ethereum Foundation Blog
Share
Facebook Twitter LinkedIn Pinterest Email

summary

version Guess Built in Go <1.15.5 or <1.14.12 You are likely to be affected by serious DoS-related security vulnerabilities. The golang team has registered this flaw as ‘CVE-2020-28362’.

We recommend a rebuild to all users (ideally v1.9.24) with Go 1.15.5 or 1.14.12, prevent node collisions. or if you are running a binary distributed through one of the official channels; v1.9.24 We are made with Go 1.15.5.

Your Docker image is likely out of date due to missing base images, but you can check the release notes on how to build it temporarily using Go. 1.15.5. Please run geth version Check which version of Go the binary was built with.

background

In early October, Gothereum was registered on Google. OSS-Fuzz program. We’ve previously run the fuzzer on an ad-hoc basis and tested a few different platforms.

On October 24, 2020, we received notification that one of our fuzzers had discovered a conflict.

Investigation revealed that the root cause of the issue was a bug in the Go standard library, and the issue was reported upstream.

Special thanks Adam Korzinski This is the work of Ada Logics, who first integrated Go-ethereum into OSS-Fuzz!

effect

DoS issues can be used to crash all Geth nodes during block processing, resulting in major parts of the Ethereum network going offline.

Outside of Go-Ethereum, this issue is likely to be relevant to any fork of Geth (e.g. TurboGeth or ETC’s core-geth). For broader context, I’ll refer to upstream, as the Go team has conducted research on potentially affected parties.

timeline

  • 2020-10-24: Crash report from OSS-fuzz
  • 2020-10-25: Investigation revealed that this was caused by a flaw in Go. Details have been sent to: security@golang.org
  • 2020-10-26: Approved from upstream, investigation in progress
  • 2020-10-26 — 2020-11-06: Potential fixes discussed, upstream investigation for potentially affected parties.
  • 2020-11-06: Fix release tentatively scheduled for upstream on 2020-11-12
  • 2020-11-09: Upstream pre-announced a security release. https://groups.google.com/g/golang-announce/c/kMa3eup0qhU/m/O5RSMHO_CAAJ
  • 2020-11-11: Official Geth Twitter informed users about the upcoming release. accountOfficial Discord Channel and reddit.
  • 2020-11-12: A new Go version has been released. Guess Binaries have been released

Additional issues

mining glitch

Another security issue came to our attention through: this promotionContains fixes to the ethash algorithm.

A mining flaw may cause miners to miscalculate PoW in the upcoming epoch. This happened on the ETC chain on 2020-11-06. This appears to be a problem for the ETH mainnet around the block. 11550000 /era 385This will occur in early January 2021.

This issue has now been resolved. 1.9.24. This issue only affects miners; non-mining nodes are not affected.

Geth shallow copy bug

affected: 1.9.7 – 1.9.16

determined: 1.9.17

Type: Consensus Vulnerability

2020-07-15 Researcher Youngseok Yang (Software Platform Lab) reported a consensus vulnerability in Geth.

Precompilation of Geth Copy data (0x00…04) Contract performed a shallow copy when called, while Parity performed a deep copy. An attacker could deploy a contract like this:

  • write X To EVM memory area R,
  • phone call 0x00..04 with R By argument,
  • overwrite R to why,
  • And finally Copy of return data opcode.
  • When this contract is called, Parity pushes. X It’s in the EVM stack, whereas Geth pushes it. why.

result

This was exploited in a block on the Ethereum mainnet. 11234873transaction 0x57f7f9. node Up to 30 blocks were lost from the sidechain due to deletion from the network. Additionally, Infura has been discontinued, causing problems for many people and services that rely on Infura as their backend provider.

More context can be found here: Geth post mortem and He steals after death. and here.

DoS .16 and .17

affected: v1.9.16,v1.9.17

determined: v1.9.18

Type: DoS vulnerability during block processing

A DoS vulnerability was discovered and fixed. v1.9.18. We have decided not to disclose any details at this time.

Recommendation

In the short term, we recommend that all users upgrade to: Guess version v1.9.24 (Must be built in Go 1.15.5) immediately. You can find the official release here here.

If you use Geth through Docker, you may encounter some issues. if you use Ethereum/Client MovementThere are two things you need to know:

  1. It may take some time for new images to appear in Docker Hub.
  2. Unless the Go base image is generated quickly enough, vulnerable Go version.

If you are building a Docker image yourself (via) Docker build. The second issue (in the repository root) can also cause the problem.

So be careful to make sure Go happens. 1.15.5 Used as the default image.

In the long term, we recommend that users and miners also look for alternative clients. It is our strong feeling that the resiliency of the Ethereum network should not depend on a single client implementation. there is besut, nethermind, Open Ethereum and turbo get And there are other things to choose from as well.

Please report security vulnerabilities via: https://bounty.ethereum.orgor via bounty@ethereum.org or through security@ethereum.org.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Destino Devconnect-Local subsidy round that brings Argentina Onchain

June 1, 2025

It is a Gold Fallor Safety Dynasty Status, but the path of Bitcoin can be brighter: analysts

May 31, 2025

Trump’s memes, which were questioned by the Supreme Democratic Party at the House Judicial Committee,

May 31, 2025
Add A Comment

Comments are closed.

Recent Posts

2025 Bitcoin: Main Highlights and Strategic Presents

June 1, 2025

The boring APE NFT Maker sells Moonbirds IP to the Orange Cap Game.

June 1, 2025

Binance’s average orders for Ether Leeum recorded a level in 2023.

June 1, 2025

NVIDIA NIM improves SQL inferences between text in Vanna for improved analysis.

June 1, 2025

Destino Devconnect-Local subsidy round that brings Argentina Onchain

June 1, 2025

SUI PASSESS votes for CETUS $ 162 million

June 1, 2025

Github University 2025 emphasizes AI -based development and community buildings

June 1, 2025

Upgrade to improve the BTFS V4.0 upgrade network and improve the BTTC ecosystem

June 1, 2025

Ether Leeum price is faced with light correction -focus of support level

June 1, 2025

Cronos

June 1, 2025

Elevenlabs integrates Anthropic’s Claude Sonnet 4 for Advanced AI Voice Agent.

June 1, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

2025 Bitcoin: Main Highlights and Strategic Presents

June 1, 2025

The boring APE NFT Maker sells Moonbirds IP to the Orange Cap Game.

June 1, 2025

Binance’s average orders for Ether Leeum recorded a level in 2023.

June 1, 2025
Most Popular

AI model TxGNN leverages zero-shot learning to repurpose drugs for rare diseases.

October 4, 2024

BlockDAG among the best decentralized cryptocurrencies in 2024; $51.4M Presales Grow Kaspa and Overwhelm Bitcoin Cash Price

June 19, 2024

According to analysts, crypto whales have swallowed $76 million worth of Ethereum-based altcoins in just one week.

July 10, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.