EF Blog

ETH top background starting image
ETH bottom background ending image
Skip to content

Security Alert – Geth suffers from a very low probable DoS attack vector - Update immediately

Posted by Jeffrey Wilcke on May 17, 2016

Security Alert – Geth suffers from a very low probable DoS attack vector - Update immediately

Affected configurations: All Go client versions 

Likelihood: Very low

Severity: High

Details: A bug in Geth (and potentially other clients) may suffer from a DoS attack and allows remote attackers to stall synchronisation process almost indefinitely by supplying a valid, lighter chain. More information will be given out a later time including the report that was submitted through the bug bounty program.

Effects on expected chain reorganisation depth: None

Proposed temporary workaround: None

Remedial action taken by Ethereum: Provision of hotfixes as below:

If you're using Mist: download the updated binary from the release page

If using the PPA: sudo apt-get update then sudo apt-get upgrade

If using brew: brew update then brew reinstall ethereum

If using a windows binary: download the updated binary from the release page

If you are building from source: git pull followed by make geth (please use the Master branch 94ad694a26ca3f7776ec8240802596755e5d5c0a)

Categories