Developers fix a serious bug in Ethereum’s popular client

Developers of the leading Ethereum client have released a new version, Geth v1.10.8, addressing a serious vulnerability in the code.

Heads up!

Geth v1.10.8 is out, fixing a security vulnerability in all live versions of Geth. All Geth users need to update.

Further details will be provided at a later date to avoid attacks on #Ethereum and downstream projects.https://t.co/VQ398K0TA4

— Go Ethereum (@go_ethereum) August 24, 2021

\n\n\n

The exact vector of the attack will be provided later so that node operators and dependent projects can update themselves, the message says.

\n\n\n\n

According to the developers, all versions of Geth that support the London hardfork are vulnerable. They urged users to install the new client version.

\n\n\n\n

According to Ethernodes.org, at the time of writing 74.5% of nodes run Geth.

\n\n

\n\n\n\n

In 2016, the Geth client suffered a large-scale DDoS attack. The most effective remedy was to connect nodes to alternative software.

\n\n

In August 2020, the bug in the Parity-Ethereum and OpenEthereum clients led to a synchronization error affecting 13% of nodes in the network. Around the same time, Geth team leader Peter Szilágyi spoke against creating a catalog of critical vulnerabilities — in his view, that threatens the Ethereum network and could lead to adverse financial consequences.

\n\n

Earlier in May 2021, Ethereum Foundation developer Tim Beiko spoke about the problem in the EIP-1559 proposal, which could lead to network congestion.

\n\n

Subscribe to ForkLog’s channel on YouTube!