A bug found in the Parity node\/wallet software threatened a considerable proportion of the Ethereum infrastructure. Fortunately, the company has already issued a patch to fix the vulnerability.<\/p>\n
The issue was discovered on February 3rd when Parity received several reports that attackers were able to send a specially-crafted RPC request to public Parity Ethereum nodes.<\/p>\n
\u201cOn February 3rd, we received several reports that an attacker can send a specially-crafted RPC request to a public Parity Ethereum node (any version pre 2.2.9-stable and pre 2.3.2-beta) and that node will crash,\u201d<\/strong> the announcement<\/a> read.<\/p><\/blockquote>\n
The bug had opened up an attack vector to allow nodes to be forced offline by potential attackers. If undiscovered, the attack could have threatened a sizeable portion of the Ethereum infrastructure.<\/p>\n
It would appear that the only affected nodes were the ones synced up to the JSON-RPC public services like Infura, MyEtherWallet, and MyCrypto, however, all Parity node operators are encouraged to update to the latest upgrade.<\/p>\n
\nThe fix is out\u2014please update your nodes ASAP. https:\/\/t.co\/t2bJLNuyZV<\/a><\/p>\n
While the vulnerability only directly affects Parity Ethereum nodes that serve JSONRPC as a public service (e.g., Infura, MEW, MyCrypto, etc), we recommend everyone to update their nodes immediately.<\/p>\n
\u2014 Parity Technologies (@ParityTech) February 3, 2019<\/a><\/p><\/blockquote>\n