Ethereum Blog

Security Advisory [Implementation bugs in Go and Python clients can cause DoS – Fixed – Please update clients]


Jutta Steiner



A state transition and consensus issue in the geth client causes a panic (crash) when processing a (valid) block with a specific combination of transactions. This may cause overall network instability if the block is accepted and relayed by unaffected clients, thus causing a DoS. This may happen in a block that contains transactions which suicide to the block reward address.

Affected configurations: Issue reported for Geth. While investigating the issue, related issues were discovered and corrected in pyethereum, hence pyethapp is also affected. C++ clients are unaffected.

Likelihood: Low

Severity: High

Complexity: High

Impact: Network Instability and DoS

Details: A block containing a specific combination of transactions which include one or more SUICIDE calls, while valid, causes a panic crash in the go-ethereum client and a crash in pyethereum. Additional details may be posted when available.

Effects on expected chain reorganisation depth: None.

Remedial action taken by Ethereum: Provision of fixes as below.

Proposed temporary workaround: Switch to unaffected client such as eth (C++).

Fix: Upgrade geth and pyethereum client software.

go-ethereum (geth):

Please note that the current stable version of geth is now 1.1.1; if you are running 1.0 and using a package manager such as apt-get or homebrew, the client will be upgraded.

If using the PPA: sudo apt-get update then sudo apt-get upgrade

If using brew: brew update then brew reinstall ethereum

If using a Windows binary: download the updated binary.

If you are building from source: git pull followed by make geth (please use the Master branch commit 8f09242d7f527972acb1a8b2a61c9f55000e955d)


The correct version for this update on Ubuntu AND OSX is Geth/v1.1.1-8f09242d
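
To confirm that a node runs the build named above, the client identifier it reports can be compared against the version and commit given in this advisory. The following is an added example, not part of the original advisory or of go-ethereum; the function name, the result labels and the sample identifiers are constructed for illustration.

```shell
#!/bin/sh
# Values taken from this advisory.
FIXED_VERSION="1.1.1"
FIXED_COMMIT="8f09242d7f527972acb1a8b2a61c9f55000e955d"

# classify_geth_id <client identifier>   (hypothetical helper)
# Prints: advisory-build | different-version | different-commit | not-geth
classify_geth_id() {
    id=$1
    case "$id" in
        Geth/v*) ;;
        *) echo "not-geth"; return 0 ;;
    esac
    rest=${id#Geth/v}      # drop the "Geth/v" prefix
    rest=${rest%%/*}       # drop anything after the next "/"
    version=${rest%%-*}    # text before the first "-"
    commit=${rest#*-}      # text after the first "-"
    if [ "$commit" = "$rest" ]; then
        commit=""          # no "-" present, so no commit was reported
    fi
    if [ "$version" != "$FIXED_VERSION" ]; then
        echo "different-version"; return 0
    fi
    # Require at least 8 hex characters so a 1-2 character
    # fragment cannot pass as a prefix of the fixed commit.
    if [ "${#commit}" -lt 8 ]; then
        echo "different-commit"; return 0
    fi
    case "$FIXED_COMMIT" in
        "$commit"*) echo "advisory-build" ;;
        *)          echo "different-commit" ;;
    esac
}

# Constructed sample identifiers (only the first string appears in the advisory).
for id in \
    "Geth/v1.1.1-8f09242d" \
    "Geth/v1.1.1-8f09242d/linux/go1.4.2" \
    "Geth/v1.0.1-0123abcd" \
    "Geth/v1.1.1-deadbeef"
do
    printf '%-40s %s\n' "$id" "$(classify_geth_id "$id")"
done
```

Any result other than advisory-build means the node is not on the exact build this advisory names and should be checked by hand.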

pyethereum:

Users of pyethapp should reinstall:

> pip install pyethapp --force-reinstall
