Vulnerabilites related to bitcoinknots - bitcoin_knots
Vulnerability from fkie_nvd
Published
2018-09-19 08:29
Modified
2024-11-21 03:53
Severity ?
Summary
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | * | |
| bitcoinknots | bitcoin_knots | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B631450-47D0-4BE4-8A80-CBAC0ED15B79",
"versionEndExcluding": "0.14.3",
"versionStartIncluding": "0.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7644C16B-2B66-4A66-BAB3-923D7BB1A9A3",
"versionEndExcluding": "0.15.2",
"versionStartIncluding": "0.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5F1D9C-B758-4A43-B59E-D9E436804EC0",
"versionEndExcluding": "0.16.3",
"versionStartIncluding": "0.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB243061-9C18-44FD-ABAD-0759DCFC2E42",
"versionEndExcluding": "0.16.3",
"versionStartIncluding": "0.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash."
},
{
"lang": "es",
"value": "Bitcoin Core en versiones 0.14.x anteriores a la 0.14.3, 0.15.x anteriores a la 0.15.2 y 0.16.x anteriores a la 0.16.3 y Bitcoin Knots desde las versiones 0.14.x hasta las 0.16.x anteriores a la 0.16.3 permiten una denegaci\u00f3n remota de servicio (cierre inesperado de la aplicaci\u00f3n) explotable por mineros mediante entradas duplicadas. Un atacante puede provocar el cierre inesperado de bitcoind o de Bitcoin-Qt."
}
],
"id": "CVE-2018-17144",
"lastModified": "2024-11-21T03:53:57.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-19T08:29:00.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bitcoincore.org/en/2018/09/18/release-0.16.3/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/JinBean/CVE-Extension"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bitcoincore.org/en/2018/09/18/release-0.16.3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/JinBean/CVE-Extension"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-11 12:29
Modified
2024-11-21 04:01
Severity ?
Summary
Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * | |
| bitcoinknots | bitcoin_knots | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "529F2E93-27AA-42A9-A853-BE1AFA4EFE6E",
"versionEndIncluding": "0.17.1",
"versionStartIncluding": "0.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3AD00B7-0C92-426F-8404-6C206C78BF5B",
"versionEndIncluding": "0.17.0",
"versionStartIncluding": "0.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port."
},
{
"lang": "es",
"value": "Bitcoin Core, desde la versi\u00f3n 0.12.0 hasta la 0.17.1 y Bitcoin Knots, desde la versi\u00f3n 0.12.0 hasta la 0.17.x antes de la 0.17.1.knots20181229 tienen un control de acceso incorrecto. Los usuarios locales pueden explotar esta vulnerabilidad para robar dinero enlazando el puerto localhost IPv4 RPC y reenviando peticiones al puerto localhost IPv6."
}
],
"id": "CVE-2018-20587",
"lastModified": "2024-11-21T04:01:47.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-11T12:29:00.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587"
},
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-09 19:15
Modified
2024-11-21 08:36
Severity ?
Summary
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * | |
| bitcoinknots | bitcoin_knots | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1179DE7-9710-433D-83B8-0CE1A7CC8BF7",
"versionEndIncluding": "26.0",
"versionStartIncluding": "0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42AEEA35-5598-4E0A-B693-5D0918ED30B7",
"versionEndExcluding": "25.1",
"versionStartIncluding": "0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it \"not a bug.\""
},
{
"lang": "es",
"value": "En Bitcoin Core hasta 26.0 y Bitcoin Knots anteriores a 25.1.knots20231115, los l\u00edmites de tama\u00f1o del portador de datos se pueden eludir ofuscando los datos como c\u00f3digo (por ejemplo, con OP_FALSE OP_IF), tal como lo explot\u00f3 Inscriptions en 2022 y 2023."
}
],
"id": "CVE-2023-50428",
"lastModified": "2024-11-21T08:36:57.957",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-09T19:15:07.977",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/bitcoin/bitcoin/tags"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://twitter.com/LukeDashjr/status/1732204937466032285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/bitcoin/bitcoin/tags"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://twitter.com/LukeDashjr/status/1732204937466032285"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-10 17:15
Modified
2024-11-21 03:53
Severity ?
Summary
Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145 | Vendor Advisory | |
| cve@mitre.org | https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://invdos.net | Third Party Advisory | |
| cve@mitre.org | https://invdos.net/paper/CVE-2018-17145.pdf | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://invdos.net | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://invdos.net/paper/CVE-2018-17145.pdf | Exploit, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bcoin | bcoin | * | |
| bitcoin | bitcoin_core | * | |
| bitcoinknots | bitcoin_knots | * | |
| btcd_project | btcd | 0.3.0 | |
| btcd_project | btcd | 0.3.1 | |
| btcd_project | btcd | 0.3.2 | |
| btcd_project | btcd | 0.3.3 | |
| btcd_project | btcd | 0.4.0 | |
| btcd_project | btcd | 0.5.0 | |
| btcd_project | btcd | 0.6.0 | |
| btcd_project | btcd | 0.7.0 | |
| btcd_project | btcd | 0.8.0 | |
| btcd_project | btcd | 0.9.0 | |
| btcd_project | btcd | 0.10.0 | |
| btcd_project | btcd | 0.11.0 | |
| btcd_project | btcd | 0.11.1 | |
| btcd_project | btcd | 0.12.0 | |
| btcd_project | btcd | 0.13.0 | |
| btcd_project | btcd | 0.13.0 | |
| btcd_project | btcd | 0.20.0 | |
| btcd_project | btcd | 0.20.1 | |
| decred | dcrd | * | |
| litecoin | litecoin | * | |
| namecoin | namecoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bcoin:bcoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D47D52B-8C16-4A9C-ADFC-92B0C8C4C7E2",
"versionEndExcluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54E8DE3C-5E58-4BAB-8C28-EC7CF9749B0B",
"versionEndExcluding": "0.16.2",
"versionStartIncluding": "0.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD003E0-D891-4340-9818-7231219F72B0",
"versionEndExcluding": "0.16.2",
"versionStartIncluding": "0.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.3.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "F24D4ED2-623F-44E4-9BE7-E8F4004A26B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.3.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "DFA56887-43B2-4831-883C-D4E9C3B2AD2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.3.2:alpha:*:*:*:*:*:*",
"matchCriteriaId": "8701A58C-A87A-42DD-B841-960246BE486A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.3.3:alpha:*:*:*:*:*:*",
"matchCriteriaId": "6B066ACB-83C2-4678-AFAA-0C1A9AA592E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "C036F3F2-A5ED-47BA-B98C-08788C8E390B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.5.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "CB365F56-5FD5-4C2C-9E37-0352A981C427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.6.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "F02ECCBD-18C8-4CF9-9611-55454506EA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.7.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "81BA7357-679A-4950-A38F-56E4423339FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.8.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "117660E8-0A79-4558-88C6-00B96C896967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.9.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "82BC5866-F639-47E1-A083-F383A9E40E18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.10.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "CB7F92D5-42D4-4EFD-929A-15ADC79A79CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.11.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "E386CD33-130A-4064-8112-4B492E7A437F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.11.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "4F0976B7-1D89-41A3-AA8C-035A0646B3FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.12.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "6FFE3B5E-B0FD-469E-AFB6-E5E77964ED4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.13.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "5D6EBD54-5A03-4022-BE66-D3F380CAFADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.13.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "08F558B9-DAD3-47B0-A56B-F574CAC36CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.20.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "00C62A96-3EBC-4FA4-8BF1-718F5E6B3A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.20.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "029A3CB7-0076-4908-9EA7-127F549739A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:decred:dcrd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "257D3613-4A8C-4C78-A219-85793EE29132",
"versionEndExcluding": "1.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:litecoin:litecoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "265C6B30-51DA-45FD-9637-7BA9DFDD27AB",
"versionEndExcluding": "0.16.2",
"versionStartIncluding": "0.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:namecoin:namecoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30BE44E8-2ADB-4F7B-855E-9539AD459278",
"versionEndExcluding": "0.16.2",
"versionStartIncluding": "0.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15."
},
{
"lang": "es",
"value": "Bitcoin Core versiones 0.16.x anteriores a 0.16.2 y Bitcoin Knots versiones 0.16.x anteriores a 0.16.2, permite la denegaci\u00f3n de servicio remota por medio de una avalancha de mensajes inv de transacciones m\u00faltiples con hashes aleatorios, tambi\u00e9n se conoce como INVDoS. NOTA: esto tambi\u00e9n puede afectar a otras criptomonedas, por ejemplo, si se bifurcaron desde Bitcoin Core despu\u00e9s del 15/11/2017"
}
],
"id": "CVE-2018-17145",
"lastModified": "2024-11-21T03:53:57.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-10T17:15:25.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://invdos.net"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://invdos.net/paper/CVE-2018-17145.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://invdos.net"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://invdos.net/paper/CVE-2018-17145.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-17144 (GCVE-0-2018-17144)
Vulnerability from cvelistv5
Published
2018-09-19 08:00
Modified
2024-08-05 10:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bitcoincore.org/en/2018/09/18/release-0.16.3/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JinBean/CVE-Extension"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T19:18:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bitcoincore.org/en/2018/09/18/release-0.16.3/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JinBean/CVE-Extension"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144"
},
{
"name": "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md",
"refsource": "MISC",
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md"
},
{
"name": "https://bitcoincore.org/en/2018/09/18/release-0.16.3/",
"refsource": "MISC",
"url": "https://bitcoincore.org/en/2018/09/18/release-0.16.3/"
},
{
"name": "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md",
"refsource": "MISC",
"url": "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md"
},
{
"name": "https://github.com/JinBean/CVE-Extension",
"refsource": "MISC",
"url": "https://github.com/JinBean/CVE-Extension"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17144",
"datePublished": "2018-09-19T08:00:00",
"dateReserved": "2018-09-18T00:00:00",
"dateUpdated": "2024-08-05T10:39:59.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50428 (GCVE-0-2023-50428)
Vulnerability from cvelistv5
Published
2023-12-09 00:00
Modified
2024-08-02 22:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/LukeDashjr/status/1732204937466032285"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it \"not a bug.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-04T16:57:05.960073",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"url": "https://twitter.com/LukeDashjr/status/1732204937466032285"
},
{
"url": "https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799"
},
{
"url": "https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md"
},
{
"url": "https://github.com/bitcoin/bitcoin/tags"
},
{
"url": "https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50428",
"datePublished": "2023-12-09T00:00:00",
"dateReserved": "2023-12-09T00:00:00",
"dateUpdated": "2024-08-02T22:16:46.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20587 (GCVE-0-2018-20587)
Vulnerability from cvelistv5
Published
2019-02-11 12:00
Modified
2024-08-05 12:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-11T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587"
},
{
"name": "https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b",
"refsource": "MISC",
"url": "https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20587",
"datePublished": "2019-02-11T12:00:00",
"dateReserved": "2018-12-30T00:00:00",
"dateUpdated": "2024-08-05T12:05:17.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17145 (GCVE-0-2018-17145)
Vulnerability from cvelistv5
Published
2020-09-10 16:32
Modified
2024-08-05 10:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://invdos.net/paper/CVE-2018-17145.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://invdos.net"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-10T16:32:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://invdos.net/paper/CVE-2018-17145.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://invdos.net"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md",
"refsource": "MISC",
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md"
},
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145"
},
{
"name": "https://invdos.net/paper/CVE-2018-17145.pdf",
"refsource": "CONFIRM",
"url": "https://invdos.net/paper/CVE-2018-17145.pdf"
},
{
"name": "https://invdos.net",
"refsource": "CONFIRM",
"url": "https://invdos.net"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17145",
"datePublished": "2020-09-10T16:32:13",
"dateReserved": "2018-09-18T00:00:00",
"dateUpdated": "2024-08-05T10:39:59.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}