Saturday, September 25, 2021
HomeNewsEthereum client Geth: Urgent update due to serious vulnerability

Ethereum client Geth: Urgent update due to serious vulnerability

The developers of the Ethereum client Geth urge all users to immediately install an update to the patched version v1.10.8 called “Hades Gamma” due to a security gap. There is a serious vulnerability in Geth’s Ethereum Virtual Machine (CVE-2021-39137). If used, it could lead to a node operated with Geth no longer being able to process the Ethereum blockchain.

Further details about the gap will not be disclosed until a later date, according to the statement on Tuesday. This should give node operators and software-dependent projects enough time for an update. Vulnerable are all Geth versions that support the hard fork called “London” that was implemented at the beginning of August and, among other things, changed the transaction fees at Ethereum. The bug is much older, however, and ultimately all Geth users should definitely update. The security researcher Guido Vranken discovered the gap.

Geth, or Go-Ethereum, is the implementation of a client for the Ethereum network, written in the Go language. As a command line tool, the application is aimed primarily at advanced users and developers – and is very popular among them. According to the analysis service, around 75 percent of all nodes in the Ethereum network are operated via Geth. It is therefore important for the integrity of the Ethereum blockchain that Geth users have the same software status.

In November 2020, such an update campaign for Geth went wrong: The Geth developers had submitted a new version with a patch for a bug without pointing out or warning. Since not all node operators switched to the new version, there was a brief split in the Ethereum blockchain, which separated the old Geth versions from the rest. Among other things, the infrastructure service provider Infura was affected, which operates Ethereum nodes as a service for numerous other projects, for example from the decentralized finance (DeFi) ecosystem.

“With our last hotfix, people were upset that we didn’t announce it. This time we’re doing it differently,” explained Ethereum developer Péter Szilágyi via Twitter. “Let’s see what works better”.


To home page

Hasan Sheikh
Hasan, who loves technology and games, is studying Computer Engineering at Delhi JNU. He has been writing technology news since 2016.


Please enter your comment!
Please enter your name here

Trending News

Recent Comments