Data: Just 2/3 of ETH Nodes Running Parity Have Been Patched Against Critical Security Flaw

Published by Cointele

Global hacking research collective SRLabs claims that only two thirds of the Ethereum client software that runs on Ethereum nodes has been patched against a critical security flaw discovered earlier this year.

An SRLabs report ostensibly shared with ZDNet has reportedly revealed that the critical flaw is a denial of service vulnerability in the Ethereum Parity client.

As SRLabs has outlined, the flaw could enable a hacker to remotely crash legitimate Parity Ethereum nodes by sending malformed packets.

"According to our collected data, only two thirds of nodes have been patched so far."

One month after the issue was successfully patched in the new Parity release, SRLabs researchers reportedly scanned the Ethereum blockchain to check how many Parity nodes had updated their clients to the new version.

"One month after this alert, we used data from Ethernodes.org to assess the security of the Ethereum node landscape and found that around 40% of all scanned Parity Ethereum nodes remained unpatched and thus vulnerable to the mentioned attack."

The data reportedly indicates that unpatched Parity nodes comprise 15% of all scanned nodes, implying that 15% of all Ethereum nodes could be remotely crashed, which would lower the cost of a potential 51% attack.

The sluggish pace of patching in response to discovered vulnerabilities was purportedly further demonstrated in SRLabs' broader analysis, which found that 7% of active Parity Ethereum nodes had not been patched for nine months, leaving them susceptible to other detected flaws.

A similarly slow pace was found for a different Ethereum node client, Go-Ethereum (Geth), with 44% of Geth nodes reportedly not having applied a critical security update.

The unpatched nodes ostensibly pose a risk to the entire network, as they could be crashed to reduce the costs of carrying out a blockchain-wide 51% attack, ZDNet notes.
