360 Security found a critical bug in EOS, welcome 360!
The 360 Vulcan team discovered a series of critical vulnerabilities in EOS, which is about to launch its mainnet on 2nd June. It has been verified that some of these vulnerabilities allow remote execution of arbitrary code on an EOS node, which lets attackers take over all nodes running on EOS remotely.
360 Security has reported the vulnerability to the EOS team and helped them fix the bug. According to EOS, the mainnet will not be launched until these issues are resolved.
Technical Detail of the Vulnerability
http://blogs.360.cn/blog/eos-node-remote-code-execution-vulnerability/
guhe120 replied 9 hours ago
Hi, there is still some problem with this patch. In a 32-bit process, offset + segment.data.size() could overflow and bypass the FC_ASSERT check.
https://github.com/EOSIO/eos/commit/ea89dce21d13d41a22b3512a27be97b4be9df755#diff-671058723b1361470a92aa367e1a24e6
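The reply above describes a bounds check whose sum wraps around in a 32-bit process. The following is an added illustration, not code from the EOS repository or from the reply's author: it puts a wrapping check next to an overflow-safe one. All names (`size32_t`, `check_wrapping`, `check_safe`, `init_segment`) are hypothetical, and `uint32_t` is assumed as a stand-in for a 32-bit `size_t`.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// Assumption: models size_t in a 32-bit process, where sums wrap at 2^32.
using size32_t = std::uint32_t;

// Wrapping form: offset + len is computed modulo 2^32, so a very large
// offset plus a small len wraps to a small value and passes the comparison.
bool check_wrapping(size32_t offset, size32_t len, size32_t mem_size) {
    return static_cast<size32_t>(offset + len) <= mem_size;
}

// Overflow-safe form: the two untrusted values are never added together.
// mem_size - offset cannot underflow because offset <= mem_size is tested first.
bool check_safe(size32_t offset, size32_t len, size32_t mem_size) {
    return offset <= mem_size && len <= mem_size - offset;
}

// Hypothetical segment initializer: copies data into memory only when the
// whole range [offset, offset + len) lies inside the buffer.
bool init_segment(std::vector<std::uint8_t>& memory, size32_t offset,
                  const std::vector<std::uint8_t>& data) {
    // Sizes in this constructed example fit in 32 bits.
    const size32_t len = static_cast<size32_t>(data.size());
    const size32_t mem_size = static_cast<size32_t>(memory.size());
    if (!check_safe(offset, len, mem_size)) {
        return false;  // reject instead of writing out of bounds
    }
    if (len != 0) {
        std::memcpy(memory.data() + offset, data.data(), len);
    }
    return true;
}
```

The safe form also rejects an offset that is already past the end of the buffer, which the sum-based comparison only catches when the addition does not wrap.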