We use cookies on this site to enhance your user experience. By clicking Accept all, you agree to the use of all cookies. If you do not want to allow all types of cookies, click on Manage. If you only want to allow the technically necessary cookies, click on Reject all. For further information, please refer to our privacy policy.

Parity Logo

Security Alert: Update Parity Ethereum nodes ASAP; node attack vector discovered

Parity Technologies

Parity Technologies

Powering the decentralized Web @ Parity Technologies

February 03, 2019 in

1 min read

On February 3rd, we received several reports that an attacker can send a specially-crafted RPC request to a public Parity Ethereum node (any version pre 2.2.9-stable and pre 2.3.2-beta) and that node will crash.

Who’s affected?

Affected Parity Ethereum nodes are those that serve JSONRPC as a public service.

Who’s not directly affected?

Parity Ethereum nodes who don’t serve JSONRPC to third parties on the internet—i.e., most nodes—should not be directly affected. The default mode is to not serve JSONRPC publicly.

Fix available—update ASAP

Releases 2.2.9-stable and 2.3.2-beta are now available and fix this issue. Download them here.

Please update your nodes to the newest version ASAP, especially if you’re running a publicly-facing JSONRPC endpoints. Nodes with `--auto-update=all` flag set will receive the updates automatically.

Bug bounty program

Thanks to Kosala Hemachandra from MyEtherWallet for being the first to bring this to our attention. As always, we welcome and reward bug findings as per our bug bounty program.

Want to build the future of the web? We're hiring

More recent stories

One Repo to Rule Them All: A Data-Driven Look at Polkadot's Monorepo

January 30, 2024

One Repo to Rule Them All: A Data-Driven Look at Polkadot's Monorepo

Read More
We just released ink! 4.0!

February 08, 2023

We just released ink! 4.0!

Read More
Parity Leadership Update

October 21, 2022

Parity Leadership Update

Read More

Join the discussion: