
EOS Node Remote Code Execution Vulnerability: EOS WASM Contract Function Table Array Out of Bounds

Security experts from the 360 Core Security Team have found and successfully exploited a buffer out-of-bounds write vulnerability in the EOS node when parsing a WASM file. To exploit this vulnerability, an attacker could upload a malicious smart contract to the node server. After the contract is parsed by the node server, the malicious payload could execute on the server and take control of it. The attacker could then pack the malicious contract into a new block and go on to control all nodes of the EOS network. To reproduce the vulnerability, build the release version of the latest EOS code.

Source: https://securityaffairs.co/wordpress/73015/hacking/eos-node-rce.html
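The bug class named in the title, shown from the defensive side as an added example (this is not EOS code and not from the original report). The struct and function names are hypothetical, and it assumes the out-of-bounds write occurs while contract-supplied entries are copied into the function table.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-in for one parsed WASM element segment. */
typedef struct {
    uint32_t offset;        /* start index in the table, chosen by the contract */
    const uint32_t *funcs;  /* function indices to place in the table */
    size_t count;           /* number of entries, chosen by the contract */
} elem_segment;

/* Builds a function table of `initial` slots from untrusted segments.
 * Returns NULL (contract rejected) if any segment falls outside the table.
 * The guard is an ordinary branch: an assert() in its place would be compiled
 * out under NDEBUG, which release builds commonly define. */
uint32_t *build_table(size_t initial, const elem_segment *segs, size_t nsegs)
{
    uint32_t *table = calloc(initial ? initial : 1, sizeof *table);
    if (!table)
        return NULL;
    for (size_t s = 0; s < nsegs; s++) {
        /* Subtraction form, so offset + count can never wrap around. */
        if (segs[s].offset > initial ||
            segs[s].count > initial - segs[s].offset) {
            free(table);
            return NULL;
        }
        for (size_t i = 0; i < segs[s].count; i++)
            table[segs[s].offset + i] = segs[s].funcs[i];
    }
    return table;
}

/* Constructed sample input: returns 1 if the segment is accepted, 0 if not. */
int accepts(size_t initial, uint32_t offset, size_t count)
{
    static const uint32_t funcs[4] = {7, 8, 9, 10}; /* constructed indices */
    elem_segment seg = { offset, funcs, count };
    uint32_t *t = build_table(initial, &seg, 1);
    int ok = (t != NULL);
    free(t);
    return ok;
}

int main(void)
{
    printf("in range: %d, past end: %d\n", accepts(4, 2, 2), accepts(4, 3, 2));
    return 0;
}
```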
