Common Vulnerabilities and Exposures: Difference between revisions
No edit summary |
Full details |
||
Line 3: | Line 3: | ||
! Announced !! Affects !! Flaw !! Live | ! Announced !! Affects !! Flaw !! Live | ||
|- | |- | ||
| [[CVE-2010-5137]] | | [[#CVE-2010-5137|CVE-2010-5137]] | ||
| 2010-07-28 | | 2010-07-28 | ||
| wxBitcoin and bitcoind | | wxBitcoin and bitcoind | ||
Line 9: | Line 9: | ||
|bgcolor=lime| 100% | |bgcolor=lime| 100% | ||
|- | |- | ||
| [[CVE-2010-5138]] | | [[#CVE-2010-5138|CVE-2010-5138]] | ||
| 2010-07-29 | | 2010-07-29 | ||
| wxBitcoin and bitcoind | | wxBitcoin and bitcoind | ||
Line 15: | Line 15: | ||
|bgcolor=lime| 100% | |bgcolor=lime| 100% | ||
|- | |- | ||
| [[CVE-2010-5139]] | | [[#CVE-2010-5139|CVE-2010-5139]] | ||
| 2010-08-15 | | 2010-08-15 | ||
| wxBitcoin and bitcoind | | wxBitcoin and bitcoind | ||
Line 21: | Line 21: | ||
|bgcolor=lime| 100% | |bgcolor=lime| 100% | ||
|- | |- | ||
| [[CVE-2010-5140]] | | [[#CVE-2010-5140|CVE-2010-5140]] | ||
| 2010-09-29 | | 2010-09-29 | ||
| wxBitcoin and bitcoind | | wxBitcoin and bitcoind | ||
| | | Microtransaction flooding | ||
|bgcolor=lime| 100% | |bgcolor=lime| 100% | ||
|- | |- | ||
| [[CVE-2011-4447]] | | [[#CVE-2011-4447|CVE-2011-4447]] | ||
| 2011-11-11 | | 2011-11-11 | ||
| wxBitcoin and bitcoind | | wxBitcoin and bitcoind | ||
| Wallet | | Wallet non-encryption | ||
|bgcolor=yellow| 88.5% | |bgcolor=yellow| 88.5% | ||
|- | |- | ||
| [[CVE-2012-1909]] | | [[#CVE-2012-1909|CVE-2012-1909]] | ||
| 2012-03-07 | | 2012-03-07 | ||
| Bitcoin protocol | | Bitcoin protocol | ||
Line 39: | Line 39: | ||
|bgcolor=pink| 28.9% | |bgcolor=pink| 28.9% | ||
|- | |- | ||
| [[CVE-2012-1910]] | | [[#CVE-2012-1910|CVE-2012-1910]] | ||
| 2012-03-17 | | 2012-03-17 | ||
| Bitcoin-Qt for Windows | | Bitcoin-Qt for Windows | ||
Line 45: | Line 45: | ||
|bgcolor=pink| 82.2% | |bgcolor=pink| 82.2% | ||
|- | |- | ||
| [[CVE-2012-2459]] | | [[#CVE-2012-2459|CVE-2012-2459]] | ||
| 2012-05-14 | | 2012-05-14 | ||
| bitcoind and Bitcoin-Qt | | bitcoind and Bitcoin-Qt | ||
Line 51: | Line 51: | ||
|bgcolor=pink| 17.8% | |bgcolor=pink| 17.8% | ||
|} | |} | ||
__NOTOC__ | |||
== CVE-2010-5137 == | |||
<b>Date:</b> 2010-07-28 | |||
<b>Summary:</b> OP_LSHIFT crash | |||
<b>Fix Deployment:</b> 100% | |||
{| class='wikitable' | |||
!colspan='2'| Affected !! Fix | |||
|- | |||
| bitcoind<br>wxBitcoin || * - 0.3.4 || 0.3.5 | |||
|} | |||
On July 28 2010 two bugs were discovered and demonstrated on the test network. The first caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. The second exploited another bug in the transaction handling code and allowed an attacker to spend coins that they did not own. Neither were exploited on the main network, and both were fixed by Bitcoin version 0.3.5. | |||
After these bugs were discovered, many currently-unused script words were disabled for safety. | |||
=== References === | |||
* [[Incidents#LSHIFT and RETURN bugs|Incident]] | |||
== CVE-2010-5138 == | |||
<b>Date:</b> 2010-07-29 | |||
<b>Summary:</b> Unlimited SigOp DoS | |||
<b>Fix Deployment:</b> 100% | |||
{| class='wikitable' | |||
!colspan='2'| Affected !! Fix | |||
|- | |||
| bitcoind<br>wxBitcoin || * - 0.3.? || 0.3.? | |||
|} | |||
On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more). | |||
=== References === | |||
* [[Incidents#OP CHECKSIG abuse|Incident]] | |||
== CVE-2010-5139 == | |||
<b>Date:</b> 2010-08-15 | |||
<b>Summary:</b> Combined output overflow | |||
<b>Fix Deployment:</b> 100% | |||
{| class='wikitable' | |||
!colspan='2'| Affected !! Fix | |||
|- | |||
| bitcoind<br>wxBitcoin || * - 0.3.10 || 0.3.11 | |||
|} | |||
On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain. | |||
The block and transaction: | |||
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba, | |||
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2) | |||
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0) | |||
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00) | |||
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7) | |||
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0) | |||
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC) | |||
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7) | |||
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512) | |||
vMerkleTree: 012cd8 1d5e51 618eba | |||
Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c | |||
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre> | |||
=== References === | |||
* [[Incidents#Value overflow|Incident]] | |||
* [https://bitcointalk.org/index.php?topic=822.0 Discovery] | |||
== CVE-2010-5140 == | |||
<b>Date:</b> 2010-09-29 | |||
<b>Summary:</b> Microtransaction flooding | |||
<b>Fix Deployment:</b> 100% | |||
{| class='wikitable' | |||
!colspan='2'| Affected !! Fix | |||
|- | |||
| bitcoind<br>wxBitcoin || * - 0.3.12 || 0.3.13 | |||
|} | |||
Around September 29, 2010, people started [http://www.bitcoin.org/smf/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them. | |||
Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders. | |||
=== References === | |||
* [[Incidents#Micropayment contamination|Incident]] | |||
* [http://www.bitcoin.org/smf/index.php?topic=1306.0 Initial reports] | |||
== CVE-2011-4447 == | |||
<b>Date:</b> 2011-11-11 | |||
<b>Summary:</b> Wallet non-encryption | |||
<b>Fix Deployment:</b> 88.5% | |||
{| class='wikitable' | |||
!colspan='2'| Affected !! Fix | |||
|- | |||
| bitcoind<br>wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1<br>0.5.0 | |||
|} | |||
=== References === | |||
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement] | |||
* [https://bitcointalk.org/index.php?topic=51474.0 Finding] | |||
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0] | |||
== CVE-2012-1909 == | |||
<b>Date:</b> 2012-03-07 | |||
<b>Summary:</b> Transaction overwriting | |||
<b>Fix Deployment:</b> 28.9% | |||
{| class='wikitable' | |||
!colspan='2'| Affected !! Fix | |||
|- | |||
| Bitcoin protocol || Before March 15th, 2012 || BIP 30 | |||
|- | |||
| Bitcoin-Qt<br>bitcoind || * - 0.4.4rc2<br>0.5.0rc1 - 0.5.0.4rc2<br>0.5.1rc1 - 0.5.3rc2<br>0.6.0rc1 - 0.6.0rc2 || 0.4.4<br>0.5.0.4<br>0.5.3<br>0.6.0rc3 | |||
|- | |||
| wxBitcoin || ALL || NONE | |||
|} | |||
=== References === | |||
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement] | |||
* [https://en.bitcoin.it/wiki/BIP_0030 Fix] | |||
== CVE-2012-1910 == | |||
<b>Date:</b> 2012-03-17 | |||
<b>Summary:</b> MingW non-multithreading | |||
<b>Fix Deployment:</b> 82.2% | |||
{| class='wikitable' | |||
!colspan='2'| Affected !! Fix | |||
|- | |||
| Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4<br>0.5.1rc1 - 0.5.3.0<br>0.6.0rc1 - 0.6.0rc4 || 0.5.0.5<br>0.5.3.1<br>0.5.4<br>0.6.0rc4 | |||
|} | |||
=== References === | |||
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement] | |||
== CVE-2012-2459 == | |||
<b>Date:</b> 2012-05-14 | |||
<b>Summary:</b> ''TBD'' | |||
<b>Fix Deployment:</b> 17.8% | |||
{| class='wikitable' | |||
!colspan='2'| Affected !! Fix | |||
|- | |||
| Bitcoin-Qt<br>bitcoind || * - 0.4.6rc1<br>0.5.0rc1 - 0.5.5rc1<br>0.6.0rc1 - 0.6.0.7rc1<br>0.6.1rc1 - 0.6.1 || 0.4.6<br>0.5.5<br>0.6.0.7<br>0.6.2 | |||
|} | |||
=== References === | |||
* [https://bitcointalk.org/?topic=81749 Announcement] |
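Review bot: the added CVE-2010-5138 section still carries placeholder versions (`* - 0.3.?` affected, `0.3.?` fix) and the CVE-2012-2459 section a ''TBD'' summary; fill these in or mark them explicitly as unknown so they are not read as real version strings. The CVE-2011-4447, CVE-2012-1909, CVE-2012-1910 and CVE-2012-2459 sections also consist of only a version table and references, unlike the four 2010 sections, so a short description of each flaw would make them consistent. In the CVE-2010-5137 section the text describes two bugs while the summary names only the OP_LSHIFT crash; state which of the two the CVE covers.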
Revision as of 22:42, 29 May 2012
CVE | Announced | Affects | Flaw | Live |
---|---|---|---|---|
CVE-2010-5137 | 2010-07-28 | wxBitcoin and bitcoind | OP_LSHIFT crash | 100% |
CVE-2010-5138 | 2010-07-29 | wxBitcoin and bitcoind | Unlimited SigOp DoS | 100% |
CVE-2010-5139 | 2010-08-15 | wxBitcoin and bitcoind | Combined output overflow | 100% |
CVE-2010-5140 | 2010-09-29 | wxBitcoin and bitcoind | Microtransaction flooding | 100% |
CVE-2011-4447 | 2011-11-11 | wxBitcoin and bitcoind | Wallet non-encryption | 88.5% |
CVE-2012-1909 | 2012-03-07 | Bitcoin protocol | Transaction overwriting | 28.9% |
CVE-2012-1910 | 2012-03-17 | Bitcoin-Qt for Windows | MingW non-multithreading | 82.2% |
CVE-2012-2459 | 2012-05-14 | bitcoind and Bitcoin-Qt | TBD | 17.8% |
CVE-2010-5137
Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
Affected | | Fix |
---|---|---|
bitcoind, wxBitcoin | * - 0.3.4 | 0.3.5 |
On July 28, 2010, two bugs were discovered and demonstrated on the test network. The first caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. The second exploited another bug in the transaction handling code and allowed an attacker to spend coins that they did not own. Neither was exploited on the main network, and both were fixed by Bitcoin version 0.3.5.
After these bugs were discovered, many currently-unused script words were disabled for safety.
CVE-2010-5138
Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
Affected | | Fix |
---|---|---|
bitcoind, wxBitcoin | * - 0.3.? | 0.3.? |
On July 29 2010, it was discovered that block 71036 contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).
CVE-2010-5139
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
Affected | | Fix |
---|---|---|
bitcoind, wxBitcoin | * - 0.3.10 | 0.3.11 |
On August 15 2010, it was discovered that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.
The block and transaction:
    CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
    nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
    CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
    CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
    CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
    CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
    CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
    CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
    CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
    vMerkleTree: 012cd8 1d5e51 618eba
    Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
    Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9
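The overflow described above, worked through with the two output values from the block dump. This is an added example, not code from Bitcoin or from this wiki. The function names, the `MAX_MONEY` cap of 21 million coins and the `SAMPLE_IN` input amount are assumptions made for the demonstration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Amounts are integers in base units: 1 coin = 100,000,000 units.
static const int64_t COIN = 100000000LL;
// Assumed cap on any single amount and on any sum of amounts.
static const int64_t MAX_MONEY = 21000000LL * COIN;

// The two outputs from the dump above, 92233720368.54275808 coins each.
const std::vector<int64_t> BAD_OUTS = {9223372036854275808LL, 9223372036854275808LL};
// Constructed input amount (0.5 coin); not taken from the page.
const int64_t SAMPLE_IN = 50000000LL;

// Sum the way a 64-bit signed total wraps on overflow. Unsigned arithmetic
// keeps the demonstration well-defined (signed overflow is undefined in C++).
int64_t naive_sum(const std::vector<int64_t>& outs) {
    uint64_t total = 0;
    for (int64_t v : outs) total += static_cast<uint64_t>(v);
    return static_cast<int64_t>(total);
}

// Flawed check: every output is non-negative and the inputs cover the sum,
// but nothing notices that the sum itself has wrapped.
bool naive_check(const std::vector<int64_t>& outs, int64_t value_in) {
    for (int64_t v : outs) if (v < 0) return false;
    return value_in >= naive_sum(outs);
}

static bool money_range(int64_t v) { return v >= 0 && v <= MAX_MONEY; }

// Hardened check: each output and each running total must stay within
// [0, MAX_MONEY], so the total can never approach the int64_t limit.
bool checked_check(const std::vector<int64_t>& outs, int64_t value_in) {
    if (!money_range(value_in)) return false;
    int64_t total = 0;
    for (int64_t v : outs) {
        if (!money_range(v)) return false;
        total += v;  // cannot overflow: both operands are <= MAX_MONEY
        if (!money_range(total)) return false;
    }
    return value_in >= total;
}

int main() {
    std::printf("wrapped sum: %lld units\n", (long long)naive_sum(BAD_OUTS));
    std::printf("naive accepts: %d, range-checked accepts: %d\n",
                naive_check(BAD_OUTS, SAMPLE_IN), checked_check(BAD_OUTS, SAMPLE_IN));
    return 0;
}
```

Each output is individually a valid positive 64-bit value, so a per-output sign check passes; only the sum wraps, to a small negative number that any input amount covers.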
CVE-2010-5140
Date: 2010-09-29
Summary: Microtransaction flooding
Fix Deployment: 100%
Affected | | Fix |
---|---|---|
bitcoind, wxBitcoin | * - 0.3.12 | 0.3.13 |
Around September 29, 2010, people started reporting that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.
Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.
CVE-2011-4447
Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 88.5%
Affected | | Fix |
---|---|---|
bitcoind, wxBitcoin | 0.4.0 - 0.4.1rc6 | 0.4.1; 0.5.0 |
CVE-2012-1909
Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 28.9%
Affected | | Fix |
---|---|---|
Bitcoin protocol | Before March 15th, 2012 | BIP 30 |
Bitcoin-Qt, bitcoind | * - 0.4.4rc2; 0.5.0rc1 - 0.5.0.4rc2; 0.5.1rc1 - 0.5.3rc2; 0.6.0rc1 - 0.6.0rc2 | 0.4.4; 0.5.0.4; 0.5.3; 0.6.0rc3 |
wxBitcoin | ALL | NONE |
CVE-2012-1910
Date: 2012-03-17
Summary: MingW non-multithreading
Fix Deployment: 82.2%
Affected | | Fix |
---|---|---|
Bitcoin-Qt for Windows | 0.5.0rc1 - 0.5.0.4; 0.5.1rc1 - 0.5.3.0; 0.6.0rc1 - 0.6.0rc4 | 0.5.0.5; 0.5.3.1; 0.5.4; 0.6.0rc4 |
CVE-2012-2459
Date: 2012-05-14
Summary: TBD
Fix Deployment: 17.8%
Affected | | Fix |
---|---|---|
Bitcoin-Qt, bitcoind | * - 0.4.6rc1; 0.5.0rc1 - 0.5.5rc1; 0.6.0rc1 - 0.6.0.7rc1; 0.6.1rc1 - 0.6.1 | 0.4.6; 0.5.5; 0.6.0.7; 0.6.2 |