EF Blog

ETH top background starting image
ETH bottom background ending image
Skip to content

Security Alert – Geth suffers from a very low probable DoS attack vector - Update immediately

Posted by Jeffrey Wilcke on May 17, 2016

Security Alert – Geth suffers from a very low probable DoS attack vector - Update immediately

Affected configurations: All Go client versions 

Likelihood: Very low

Severity: High

Details: A bug in Geth (and potentially other clients) may suffer from a DoS attack and allows remote attackers to stall synchronisation process almost indefinitely by supplying a valid, lighter chain. More information will be given out a later time including the report that was submitted through the bug bounty program.

Effects on expected chain reorganisation depth: None

Proposed temporary workaround: None

Remedial action taken by Ethereum: Provision of hotfixes as below:

If you're using Mist: download the updated binary from the release page

If using the PPA: sudo apt-get update then sudo apt-get upgrade

If using brew: brew update then brew reinstall ethereum

If using a windows binary: download the updated binary from the release page

If you are building from source: git pull followed by make geth (please use the Master branch 94ad694a26ca3f7776ec8240802596755e5d5c0a)

Stay Updated

Subscribe to get email notifications about the topics you care about. Choose from research, events, security updates, and more.


Categories