Discovered vulnerability threatens about a quarter of Ethereum


The security team at Parity, which supplies about a quarter of the nodes in the Ethereum network, has released a notification detailing a potentially critical security vulnerability it has detected.

According to the notification, the vulnerability involves RPC requests and allows an attacker to knock a Parity node offline, which is a potential threat to 25% of Ethereum.

The security team warned that Parity Ethereum nodes need to be updated as soon as possible because an attack vector against nodes had been found, writing:

“On 3 February, we received several reports that an attacker can send a specially crafted RPC request to a public Parity Ethereum node (any version prior to 2.2.9-stable and pre-2.3.2-beta), and this node may fail.”

Those affected may include Parity Ethereum nodes that serve JSONRPC as a public service, for example Infura, MyEtherWallet, MyCrypto and other infrastructure.

A hotfix is available: update as soon as possible

Parity noted that updates to 2.2.9-stable and 2.3.2-beta are already available and fix this problem. The security team recommends updating nodes to the latest version as soon as possible, especially for those using JSONRPC. Nodes set to `--auto-update=all` will receive the updates automatically.

Ethereum recently had problems with users being unable to update their software in connection with the delay of the system-wide Constantinople update. However, Parity has already developed a fix and immediately released an update that protects against the vulnerability, eliminating the potential risks.
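A fleet check built from the version numbers above, as an added example that is not part of the original article or Parity's own code: it classifies the string a node returns from `web3_clientVersion` as patched, vulnerable or unknown. The string layout, the mapping of 2.2.x and 2.3.x to the stable and beta lines, the treatment of newer lines as patched, and the sample inventory are assumptions.

```python
import re

# Fixed releases named in the notification: 2.2.9-stable and 2.3.2-beta.
# Assumption: a node's release line is identified by its major.minor
# number (2.2 = stable line, 2.3 = beta line at the time of the notice).
FIXED = {(2, 2): 9, (2, 3): 2}

# Assumed shape of a web3_clientVersion reply:
# "Parity-Ethereum//v2.2.8-stable-<commit>-<date>/<platform>/<rustc>"
VERSION_RE = re.compile(r"^Parity(?:-Ethereum)?//v(\d+)\.(\d+)\.(\d+)")


def classify(client_version):
    """Return 'patched', 'vulnerable' or 'unknown' for one client string."""
    m = VERSION_RE.match(client_version.strip())
    if not m:
        return "unknown"  # not Parity, or a layout this check does not parse
    major, minor, patch = (int(g) for g in m.groups())
    line = (major, minor)
    if line in FIXED:
        return "patched" if patch >= FIXED[line] else "vulnerable"
    # Assumption: lines older than 2.2 never got the fix, newer ones include it.
    return "vulnerable" if line < (2, 2) else "patched"


def audit(inventory):
    """Return (name -> status, sorted names that are not confirmed patched)."""
    statuses = {name: classify(ver) for name, ver in inventory.items()}
    return statuses, sorted(n for n, s in statuses.items() if s != "patched")


# Constructed inventory: hostnames, commit ids and dates are made up.
SAMPLE = {
    "rpc-1": "Parity-Ethereum//v2.2.8-stable-0000000-20190101/x86_64-linux-gnu/rustc1.31.1",
    "rpc-2": "Parity-Ethereum//v2.2.9-stable-0000000-20190203/x86_64-linux-gnu/rustc1.31.1",
    "rpc-3": "Parity-Ethereum//v2.3.1-beta-0000000-20190101/x86_64-linux-gnu/rustc1.31.1",
    "rpc-4": "Parity-Ethereum//v2.3.2-beta-0000000-20190203/x86_64-linux-gnu/rustc1.31.1",
    "rpc-5": "Geth/v1.8.22-stable/linux-amd64/go1.11.5",
    "legacy-1": "Parity//v1.11.8-stable-0000000-20180801/x86_64-linux-gnu/rustc1.27.0",
}

if __name__ == "__main__":
    statuses, todo = audit(SAMPLE)
    for name in sorted(statuses):
        print(f"{name:10} {statuses[name]}")
    print("update or investigate:", ", ".join(todo))
```

Nodes reported as `unknown` are listed alongside vulnerable ones so that anything the check cannot parse is reviewed by hand rather than assumed safe.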
