Anza Fixes Solana Virtual Machine Vulnerability, Recommends Upgrading to v2.2.8

Binance News · 2025-04-25T01:21:08.000Z

据吴说报道，Anza 报告 Solana 虚拟机（SVM）中 ed25519 和 secp256k1 预编译程序漏洞，影响运行 v2.2 版本并启用 --transaction-structure view 的验证者节点。漏洞因假设交易指令数据为 2 字节对齐，在新交易视图无对齐保证下导致错误，引发领导节点与集群间银行哈希不匹配，可能造成节点崩溃及网络可用性风险。漏洞于 4 月 9 日由 Temporal 报告，Anza 于 4 月 11 日发布 v2.2.8 修复，移除对齐假设。此漏洞不影响资金安全。Anza 建议禁用 --transaction-structure view 并升级至修补版本。

Binance News

--・Verified Binance official account

AI Summary

Anza fixes the Solana virtual machine vulnerability and recommends upgrading to v2.2.8. The vulnerability may cause node crashes and network availability risks, so it is recommended to upgrade as soon as possible.

According to reports from Wu, Anza reported a vulnerability in the ed25519 and secp256k1 precompiled programs in the Solana Virtual Machine (SVM) affecting validator nodes running version 2.2 with the --transaction-structure view enabled. The vulnerability arose from the assumption that transaction instruction data was 2-byte aligned, leading to errors under the new transaction view with no alignment guarantees, causing discrepancies between the leader node and the bank hash within the cluster, which could result in node crashes and risks to network availability. The vulnerability was reported on April 9 by Temporal, and Anza released version 2.2.8 on April 11 to fix it by removing the alignment assumption. This vulnerability does not affect fund security. Anza recommends disabling the --transaction-structure view and upgrading to the patched version.

Disclaimer: Includes third-party opinions. No financial advice. May include sponsored content. See T&Cs.

SOL

147.07

-0.48%

Anza Fixes Solana Virtual Machine Vulnerability, Recommends Upgrading to v2.2.8

Latest News

Trending Articles