{"id":18245,"date":"2026-03-13T09:30:08","date_gmt":"2026-03-13T09:30:08","guid":{"rendered":"https:\/\/cryptoted.net\/index.php\/2026\/03\/13\/geth-security-release-ethereum-foundation-blog\/"},"modified":"2026-03-13T09:30:08","modified_gmt":"2026-03-13T09:30:08","slug":"geth-security-release-ethereum-foundation-blog","status":"publish","type":"post","link":"https:\/\/cryptoted.net\/index.php\/2026\/03\/13\/geth-security-release-ethereum-foundation-blog\/","title":{"rendered":"Geth security release | Ethereum Foundation Blog"},"content":{"rendered":"<div id=\"\">\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"summary\" data-group=\"true\">Summary<\/h2>\n<p class=\"chakra-text css-gi02ar\">Versions of <span class=\"chakra-text css-ons8vw\">geth<\/span> built with Go <span class=\"chakra-text css-ons8vw\"> or <span class=\"chakra-text css-ons8vw\"> are most likely affected by a critical DoS-related security vulnerability. 
The golang team has registered this flaw as &#8216;CVE-2020-28362&#8217;.<\/span><\/span><\/p>\n<p class=\"chakra-text css-gi02ar\">We recommend that all users rebuild (ideally <span class=\"chakra-text css-ons8vw\">v1.9.24<\/span>) with Go <span class=\"chakra-text css-ons8vw\">1.15.5<\/span> or <span class=\"chakra-text css-ons8vw\">1.14.12<\/span> to avoid node crashes. Alternatively, if you are running binaries distributed via one of our official channels, we&#8217;re going to release <span class=\"chakra-text css-ons8vw\">v1.9.24<\/span> ourselves, built with Go <span class=\"chakra-text css-ons8vw\">1.15.5<\/span>.<\/p>\n<p class=\"chakra-text css-gi02ar\">Docker images will most probably be out of date due to a missing base image, but you can check the release notes on how to temporarily build one with Go <span class=\"chakra-text css-ons8vw\">1.15.5<\/span>. Please run <span class=\"chakra-text css-ons8vw\">geth version<\/span> to verify the Go version your binary was built with.<\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"background\" data-group=\"true\">Background<\/h2>\n<p 
class=\"chakra-text css-gi02ar\">In early October, go-ethereum enrolled in Google&#8217;s <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/oss-fuzz.com\">OSS-Fuzz<\/a> program. We had previously executed fuzzers on an ad-hoc basis and tested some different platforms.<\/p>\n<p class=\"chakra-text css-gi02ar\">On 2020-10-24, we were notified that one of our fuzzers had found a crash.<\/p>\n<p class=\"chakra-text css-gi02ar\">Upon investigation, it turned out that the root cause of the issue was a bug in the standard libraries of Go, and the issue was reported upstream.<\/p>\n<p class=\"chakra-text css-gi02ar\">Special thanks to <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/twitter.com\/AdamKorcz4\">Adam Korczynski<\/a> of Ada Logics for the initial integration of go-ethereum into OSS-Fuzz!<\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"impact\" data-group=\"true\">Impact<\/h2>\n<p class=\"chakra-text css-gi02ar\">The DoS issue can be used to crash all Geth nodes during block processing, the effects of which would be that a major 
part of the Ethereum network went offline.<\/p>\n<p class=\"chakra-text css-gi02ar\">Outside of Go-Ethereum, the issue is most likely relevant for all forks of Geth (such as TurboGeth or ETC&#8217;s core-geth). For an even wider context, we would refer to upstream, as the Go-team have performed an investigation of potentially affected parties.<\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"timeline\" data-group=\"true\">Timeline<\/h2>\n<ul role=\"list\" class=\"css-1ars4k6\">\n<li class=\"css-0\">2020-10-24: Crash report from OSS-fuzz<\/li>\n<li class=\"css-0\">2020-10-25: Investigation found that it was due to a flaw in Go. 
Details sent to <a class=\"chakra-link css-vezwxf\" href=\"mailto:security@golang.org\">security@golang.org<\/a><\/li>\n<li class=\"css-0\">2020-10-26: Acknowledgement from upstream, investigation ongoing<\/li>\n<li class=\"css-0\">2020-10-26 &#8212; 2020-11-06: Potential fixes discussed, upstream investigation of potentially affected parties<\/li>\n<li class=\"css-0\">2020-11-06: Upstream tentatively scheduled fix-release for 2020-11-12<\/li>\n<li class=\"css-0\">2020-11-09: Upstream pre-announced the security release: <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/groups.google.com\/g\/golang-announce\/c\/kMa3eup0qhU\/m\/O5RSMHO_CAAJ\">https:\/\/groups.google.com\/g\/golang-announce\/c\/kMa3eup0qhU\/m\/O5RSMHO_CAAJ<\/a><\/li>\n<li class=\"css-0\">2020-11-11: Notified users about the upcoming release via the official Geth Twitter <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/mobile.twitter.com\/go_ethereum\/status\/1326448260949684228\">account<\/a>, our official Discord-channel and <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/www.reddit.com\/r\/ethereum\/comments\/js4sk2\/security_go_v1155_is_coming_tomorrow_a_security\/?utm_source=share&amp;utm_medium=web2x&amp;context=3\">Reddit<\/a>.<\/li>\n<li class=\"css-0\">2020-11-12: New Go versions were released, and new <span class=\"chakra-text css-ons8vw\">geth<\/span> binaries were released<\/li>\n<\/ul>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"additional-issues\" data-group=\"true\">Additional issues<\/h2>\n<h3 class=\"chakra-heading group css-xuzltg\" id=\"mining-flaw\" data-group=\"true\">Mining flaw<\/h3>\n<p class=\"chakra-text css-gi02ar\">Another security issue was brought to our attention via <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/go-ethereum\/pull\/21793\">this PR<\/a>, containing a fix to the ethash algorithm.<\/p>\n<p class=\"chakra-text css-gi02ar\">The 
mining flaw could cause miners to erroneously calculate PoW in an upcoming epoch. This happened on the ETC chain on 2020-11-06. It appears that this would be an issue for ETH mainnet around block <span class=\"chakra-text css-ons8vw\">11550000<\/span> \/ epoch <span class=\"chakra-text css-ons8vw\">385<\/span>, which will occur in early January 2021.<\/p>\n<p class=\"chakra-text css-gi02ar\">This issue is also fixed as of <span class=\"chakra-text css-ons8vw\">1.9.24<\/span>. This issue is relevant only for miners; non-mining nodes are unaffected.<\/p>\n<h3 class=\"chakra-heading group css-xuzltg\" id=\"geth-shallow-copy-bug\" data-group=\"true\">Geth shallow copy bug<\/h3>\n<p class=\"chakra-text css-gi02ar\">Affected: <span class=\"chakra-text css-ons8vw\">1.9.7<\/span> &#8211; <span class=\"chakra-text css-ons8vw\">1.9.16<\/span><\/p>\n<p class=\"chakra-text css-gi02ar\">Fixed: <span class=\"chakra-text css-ons8vw\">1.9.17<\/span><\/p>\n<p class=\"chakra-text css-gi02ar\">Type: Consensus vulnerability<\/p>\n<p class=\"chakra-text css-gi02ar\">On 2020-07-15, John Youngseok Yang (Software 
Platform Lab) reported a consensus vulnerability in Geth.<\/p>\n<p class=\"chakra-text css-gi02ar\">Geth&#8217;s pre-compiled <span class=\"chakra-text css-ons8vw\">dataCopy(0x00&#8230;04)<\/span> contract did a shallow copy on invocation, whereas Parity&#8217;s did a deep copy. An attacker could deploy a contract that<\/p>\n<ul role=\"list\" class=\"css-1ars4k6\">\n<li class=\"css-0\">writes <span class=\"chakra-text css-ons8vw\">X<\/span> to an EVM memory region <span class=\"chakra-text css-ons8vw\">R<\/span>,<\/li>\n<li class=\"css-0\">calls <span class=\"chakra-text css-ons8vw\">0x00..04<\/span> with <span class=\"chakra-text css-ons8vw\">R<\/span> as an argument,<\/li>\n<li class=\"css-0\">overwrites <span class=\"chakra-text css-ons8vw\">R<\/span> with <span class=\"chakra-text css-ons8vw\">Y<\/span>,<\/li>\n<li class=\"css-0\">and finally invokes the <span class=\"chakra-text css-ons8vw\">RETURNDATACOPY<\/span> opcode.<\/li>\n<\/ul>\n<p class=\"chakra-text css-gi02ar\">When this contract is invoked, Parity would push <span class=\"chakra-text css-ons8vw\">X<\/span> on the EVM stack, whereas Geth would push <span class=\"chakra-text css-ons8vw\">Y<\/span>.<\/p>\n<h4 class=\"chakra-heading group css-qm6a1\" id=\"consequences\" data-group=\"true\">Consequences<\/h4>\n<p class=\"chakra-text css-gi02ar\">This was exploited on Ethereum Mainnet at block <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/etherscan.io\/block\/11234873\">11234873<\/a>, transaction <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/etherscan.io\/tx\/0x57f7f9ec3cd92a908ac05edcb372bf6bb984fec6010a360eab76613fbf3bb23f\">0x57f7f9<\/a>. Nodes <span class=\"chakra-text css-ons8vw\">&lt;v1.9.18<\/span> were dropped off the network, causing ~30 blocks to be lost on a sidechain. It also caused Infura to drop off, which caused problems for a lot of people and services who were depending on Infura as a backend provider.<\/p>\n<p class=\"chakra-text css-gi02ar\">More context can be found in <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/gist.github.com\/karalabe\/e1891c8a99fdc16c4e60d9713c35401f\">the Geth post-mortem<\/a>, the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/blog.infura.io\/infura-mainnet-outage-post-mortem-2020-11-11\/\">Infura post-mortem<\/a> and <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/twitter.com\/jinglanw\/status\/1326651349912719360?s=21\">here<\/a>.<\/p>\n<h3 class=\"chakra-heading group css-xuzltg\" id=\"dos-in-16-and-17\" data-group=\"true\">DoS in <span class=\"chakra-text css-ons8vw\">.16<\/span> and <span class=\"chakra-text css-ons8vw\">.17<\/span><\/h3>\n<p class=\"chakra-text css-gi02ar\">Affected: <span class=\"chakra-text css-ons8vw\">v1.9.16<\/span>, <span class=\"chakra-text css-ons8vw\">v1.9.17<\/span><\/p>\n<p class=\"chakra-text css-gi02ar\">Fixed: <span class=\"chakra-text css-ons8vw\">v1.9.18<\/span><\/p>\n<p class=\"chakra-text css-gi02ar\">Type: DoS vulnerability during block processing<\/p>\n<p class=\"chakra-text css-gi02ar\">A DoS vulnerability was found, and fixed in <span class=\"chakra-text css-ons8vw\">v1.9.18<\/span>. 
We have chosen to not publish the details at this point in time.<\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"recommendations\" data-group=\"true\">Recommendations<\/h2>\n<p class=\"chakra-text css-gi02ar\">In the short term, we recommend that all users upgrade to <span class=\"chakra-text css-ons8vw\">geth<\/span> version <span class=\"chakra-text css-ons8vw\">v1.9.24<\/span> (which should be built with Go <span class=\"chakra-text css-ons8vw\">1.15.5<\/span>) immediately. Official releases can be found <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/go-ethereum\/releases\/tag\/v1.9.24\">here<\/a>.<\/p>\n<p class=\"chakra-text css-gi02ar\">If you are using Geth via Docker, there could be a few problems. 
If you are using <span class=\"chakra-text css-ons8vw\">ethereum\/client-go<\/span>, there are two things to be aware of:<\/p>\n<ol role=\"list\" class=\"css-vgl4zd\">\n<li class=\"css-0\">There might be a delay before the new image appears on Docker Hub.<\/li>\n<li class=\"css-0\">Unless the Go base images have been created quickly enough, there&#8217;s a chance that the images are built with a <em class=\"chakra-text css-0\">vulnerable<\/em> version of Go.<\/li>\n<\/ol>\n<p class=\"chakra-text css-gi02ar\">If you are building Docker images yourself (via <span class=\"chakra-text css-ons8vw\">docker build .<\/span> from the repository root), then the second issue might cause problems for you as well.<\/p>\n<p class=\"chakra-text css-gi02ar\">So be careful to ensure that Go <span class=\"chakra-text css-ons8vw\">1.15.5<\/span> is used as the base image.<\/p>\n<p class=\"chakra-text css-gi02ar\">In the long term, we recommend that users and miners look into alternative clients too. It is our strong feeling that the resilience of the Ethereum network should not depend on any single client implementation.<br \/>\nThere are <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/hyperledger\/besu\/\">Besu<\/a>, <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/NethermindEth\/nethermind\">Nethermind<\/a>, <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/openethereum\/openethereum\">OpenEthereum<\/a>, <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ledgerwatch\/turbo-geth\">TurboGeth<\/a> and others to choose from as well.<\/p>\n<p class=\"chakra-text css-gi02ar\">Please report security vulnerabilities either via <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/bounty.ethereum.org\">https:\/\/bounty.ethereum.org<\/a>, or via <a 
class=\"chakra-link css-vezwxf\" href=\"mailto:bounty@ethereum.org\">bounty@ethereum.org<\/a> or via <a class=\"chakra-link css-vezwxf\" href=\"mailto:security@ethereum.org\">security@ethereum.org<\/a>.<\/p>\n<\/div>\n<p><a href=\"https:\/\/blog.ethereum.org\/en\/2020\/11\/12\/geth-security-release\">Source link<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary Versions of geth built with Go or are most likely affected by a critical DoS-related security vulnerability. The golang team has registered this flaw as &#8216;CVE-2020-28362&#8217;. We recommend all users to rebuild (ideally v1.9.24) with Go 1.15.5 or 1.14.12, to avoid node crashes. Alternatively, if you are running binaries distributed via one of our [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[24],"tags":[],"kronos_expire_date":[],"class_list":["post-18245","post","type-post","status-publish","format-standard","hentry","category-ethereum"],"_links":{"self":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/18245","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/comments?post=18245"}],"version-history":[{"count":0,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/18245\/revisions"}],"wp:attachment":[{"href":"https:
\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/media?parent=18245"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/categories?post=18245"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/tags?post=18245"},{"taxonomy":"kronos_expire_date","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/kronos_expire_date?post=18245"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}