Update: Go-Ethereum vulnerable to denial of service via malicious p2p message #754

taariq · 2023-09-06T21:57:10Z

3 repositories in your palomachain organization might be affected by a security vulnerability.
https://github.com/advisories/GHSA-ppjg-v974-84cm/dependabot?query=user:palomachain

byte-bandit · 2023-09-07T13:50:03Z

As discussed, we're not a direct consumer of go-ethereum any longer.

At the moment, we rely mostly on

At the moment, the Arbitrum fork has merged in the changes for 1.12.0 only, 1.12.1 is still outstanding: OffchainLabs/go-ethereum#248

The same goes for Optimism, which is also stuck as 1.12.0 with no indicator of 1.12.1 on the horizon: ethereum-optimism/op-geth#104

This means we're effectively blocked until both teams update their library to include the changes from 1.12.1 of go-ethereum.

taariq · 2023-09-07T14:02:49Z

Closing until our upstream partners release.

byte-bandit · 2023-09-07T14:50:02Z

@taariq Let's capture this as something to revisit in the future somewhere, I don't want to lose sight of it until it's too late.

taariq assigned byte-bandit Sep 6, 2023

taariq added the enhancement New feature or request label Sep 6, 2023

taariq closed this as completed Sep 7, 2023

Tristan-Wilson mentioned this issue Sep 20, 2023

Merge v1.12.1 pre OffchainLabs/go-ethereum#248

Closed

Provide feedback