{"id":9663,"date":"2025-03-13T01:35:30","date_gmt":"2025-03-13T00:35:30","guid":{"rendered":"https:\/\/wsj-crypto.com\/?p=9663"},"modified":"2025-03-13T01:35:30","modified_gmt":"2025-03-13T00:35:30","slug":"critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities","status":"publish","type":"post","link":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/","title":{"rendered":"Critical Security Alert: Update Your Go and Python Clients to Address DoS Vulnerabilities"},"content":{"rendered":"

<\/p>\n

\n

The state transition and consensus problem in the Geth client triggers a panic (crash) when handling a (valid) block containing a particular arrangement of transactions, which could lead to overall network instability if the block is accepted and propagated by unaffected clients, thus creating a DoS. This scenario may occur in a block that includes transactions that self-terminate to the block reward address. <\/strong><\/p>\n

<\/p>\n

Impaired configurations: <\/b>This issue has been noted for Geth. During the examination of this problem, related issues were identified and rectified in pyethereum, meaning pyethapp is also compromised. C++ clients remain unaffected.<\/span><\/p>\n

<\/p>\n

Probability: <\/b>Low<\/span><\/p>\n

<\/p>\n

Severity: <\/b>High<\/span><\/p>\n

<\/p>\n

Complexity: <\/b>High<\/span><\/p>\n

<\/p>\n

Consequences: <\/b>Network Instability and DoS<\/span><\/p>\n

<\/p>\n

Information: A block with a certain arrangement of transactions that incorporate one or more SUICIDE calls, although valid, results in a panic crash in the go-ethereum client and failure in pyethereum. Additional information may be provided as it becomes available.<\/span><\/b><\/p>\n

<\/p>\n

Impact on anticipated chain reorganisation depth:\u00a0<\/b>None.<\/p>\n

<\/p>\n

Actions taken by Ethereum<\/b>: Provision of corrections as outlined below.<\/span><\/p>\n

<\/p>\n

Suggested temporary solution:<\/b> Transition to an unaffected client such as eth (C++).<\/span><\/p>\n

<\/p>\n

Resolution:<\/b> Update the geth and pyethereum client software.<\/span><\/p>\n

<\/p>\n

go-ethereum (geth):<\/b><\/p>\n

<\/p>\n

Please be aware that the current stable version of geth is now 1.1.1; if you are operating version 1.0 and utilizing a package manager such as apt-get or homebrew, the client will be updated.<\/span><\/p>\n

<\/p>\n

If using the PPA: <\/span>sudo apt-get update<\/span> then <\/span>sudo apt-get upgrade<\/span><\/p>\n

<\/p>\n

If employing brew: <\/span>brew update<\/span> then <\/span>brew reinstall ethereum<\/span><\/p>\n

<\/p>\n

If utilizing a Windows binary: download the <\/span>updated binary<\/span><\/a>.<\/span><\/p>\n

<\/p>\n

If building from source: <\/span>git pull<\/span> followed by <\/span>make geth<\/span> (please use the Master branch commit <\/span>8f09242d7f527972acb1a8b2a61c9f55000e955d)<\/span><\/span><\/p>\n

<\/p>\n

\u00a0<\/p>\n

<\/p>\n

The precise version for this update on Ubuntu AND OSX is Geth\/v1.1.1-<\/span>8f09242d<\/span><\/p>\n

<\/p>\n

pyethereum:<\/b><\/p>\n

<\/p>\n

Users of pyethapp should reinstall <\/span><\/p>\n

<\/p>\n

> pip install pyethapp –force-reinstall<\/span><\/span><\/p>\n<\/div>\n


\n
Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

The state transition and consensus problem in the Geth client triggers a panic (crash) when handling a (valid) block containing a particular arrangement of transactions, which could lead to overall network instability if the block is accepted and propagated by unaffected clients, thus creating a DoS. This scenario may occur in a block that includes<\/p>\n","protected":false},"author":3,"featured_media":8282,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[1681],"class_list":["post-9663","post","type-post","status-publish","format-standard","has-post-thumbnail","category-ethereum","tag-return-a-list-of-comma-separated-tags-from-this-title-security-advisory-implementation-bugs-in-go-and-python-clients-can-cause-dos-fixed-please-update-clients"],"yoast_head":"\nCritical Security Alert: Update Your Go and Python Clients to Address DoS Vulnerabilities - WSJ-Crypto<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical Security Alert: Update Your Go and Python Clients to Address DoS Vulnerabilities - WSJ-Crypto\" \/>\n<meta property=\"og:description\" content=\"The state transition and consensus problem in the Geth client triggers a panic (crash) when handling a (valid) block containing a particular arrangement of transactions, which could lead to overall network instability if the block is accepted and propagated by unaffected clients, thus creating a DoS. This scenario may occur in a block that includes\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"WSJ-Crypto\" \/>\n<meta property=\"article:published_time\" content=\"2025-03-13T00:35:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"2100\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"wsjcrypto\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"wsjcrypto\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/\",\"url\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/\",\"name\":\"Critical Security Alert: Update Your Go and Python Clients to Address DoS Vulnerabilities - WSJ-Crypto\",\"isPartOf\":{\"@id\":\"https:\/\/wsj-crypto.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg\",\"datePublished\":\"2025-03-13T00:35:30+00:00\",\"author\":{\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7\"},\"breadcrumb\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/#primaryimage\",\"url\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg\",\"contentUrl\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg\",\"width\":2100,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/wsj-crypto.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical Security Alert: Update Your Go and Python Clients to Address DoS Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/wsj-crypto.com\/#website\",\"url\":\"https:\/\/wsj-crypto.com\/\",\"name\":\"WSJ-Crypto\",\"description\":\"Just Another Crypto News Website\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/wsj-crypto.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7\",\"name\":\"wsjcrypto\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g\",\"caption\":\"wsjcrypto\"},\"url\":\"https:\/\/wsj-crypto.com\/index.php\/author\/wsjcrypto\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical Security Alert: Update Your Go and Python Clients to Address DoS Vulnerabilities - WSJ-Crypto","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/","og_locale":"it_IT","og_type":"article","og_title":"Critical Security Alert: Update Your Go and Python Clients to Address DoS Vulnerabilities - WSJ-Crypto","og_description":"The state transition and consensus problem in the Geth client triggers a panic (crash) when handling a (valid) block containing a particular arrangement of transactions, which could lead to overall network instability if the block is accepted and propagated by unaffected clients, thus creating a DoS. This scenario may occur in a block that includes","og_url":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/","og_site_name":"WSJ-Crypto","article_published_time":"2025-03-13T00:35:30+00:00","og_image":[{"width":2100,"height":900,"url":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg","type":"image\/jpeg"}],"author":"wsjcrypto","twitter_card":"summary_large_image","twitter_misc":{"Scritto da":"wsjcrypto","Tempo di lettura stimato":"2 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/","url":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/","name":"Critical Security Alert: Update Your Go and Python Clients to Address DoS Vulnerabilities - WSJ-Crypto","isPartOf":{"@id":"https:\/\/wsj-crypto.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/#primaryimage"},"image":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg","datePublished":"2025-03-13T00:35:30+00:00","author":{"@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7"},"breadcrumb":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/#primaryimage","url":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg","contentUrl":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg","width":2100,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/13\/critical-security-alert-update-your-go-and-python-clients-to-address-dos-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wsj-crypto.com\/"},{"@type":"ListItem","position":2,"name":"Critical Security Alert: Update Your Go and Python Clients to Address DoS Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/wsj-crypto.com\/#website","url":"https:\/\/wsj-crypto.com\/","name":"WSJ-Crypto","description":"Just Another Crypto News Website","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wsj-crypto.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Person","@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7","name":"wsjcrypto","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g","caption":"wsjcrypto"},"url":"https:\/\/wsj-crypto.com\/index.php\/author\/wsjcrypto\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/9663","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/comments?post=9663"}],"version-history":[{"count":2,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/9663\/revisions"}],"predecessor-version":[{"id":9665,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/9663\/revisions\/9665"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/media\/8282"}],"wp:attachment":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/media?parent=9663"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/categories?post=9663"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/tags?post=9663"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}