Ethereum project is urging developers to fix a high-severity vulnerability

guest · Aug 25, 2021

Ethereum urges Go devs to fix severe chain-split vulnerability
August 25, 2021
https://www.bleepingcomputer.com/ne...devs-to-fix-severe-chain-split-vulnerability/

Ethreum project is urging developers to apply a hotfix to squash a high-severity vulnerability.

The chain-split vulnerability tracked as CVE-2021-39137, impacts "Geth," the official Golang implementation of the Ethereum protocol.
Such flaws can cause corruption in blockchain services, and lead to massive outages, like the Ethereum network outage from last year.
Click to expand...

Attack vector details withheld for now
This week, Ethereum project maintainers are urging Go developers using "go-ethereum" aka Geth to switch to version 1.10.8 which fixes a high-severity vulnerability.

Ethereum devs had given everyone an advance heads up last week regarding the upcoming version without revealing too much:

PSA: On Tuesday Aug 24th, Geth will issue a hotfix to a high severity security issue. Please make any necessary preparations to upgrade to the upcoming release (v.1.10.8). #ethereum #geth
— Go Ethereum (@go_ethereum) August 18, 2021
Click to expand...

"The exact attack vector will be provided at a later date to give node operators and dependent downstream projects time to update their nodes and software," said Péter Szilágyi, Ethereum's team lead.

The engineer, however, does not underestimate the possibility of malicious actors exploiting chain-split flaws.

"Opposed to that, the probability of someone maliciously triggering it if highlighted as a security issue is not insignificant," warns the expert in his writeup.
Flaw found during Telos blockchain platform audit
Interestingly, the flaw was discovered during an audit of the Telos EVM platform, after Telos had engaged Sentnl as their auditor.
Click to expand...

Telos: Telos EVM Audit Finds "High Severity Security Issue" in Ethereum EVM Code

Log in or Sign up

Ethereum project is urging developers to fix a high-severity vulnerability

guest Guest

Log in or Sign up

Ethereum project is urging developers to fix a high-severity vulnerability

guest Guest

Useful Searches