Common Vulnerabilities and Exposures: Difference between revisions
Fix link |
Update % fixed |
||
Line 57: | Line 57: | ||
|bgcolor=lime| Very hard | |bgcolor=lime| Very hard | ||
| Transaction overwriting | | Transaction overwriting | ||
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%] | ||
|- | |- | ||
| [[#CVE-2012-1910|CVE-2012-1910]] | | [[#CVE-2012-1910|CVE-2012-1910]] | ||
Line 73: | Line 73: | ||
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref> | |bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref> | ||
| Mandatory P2SH protocol update | | Mandatory P2SH protocol update | ||
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%] | ||
|- | |- | ||
| [[#CVE-2012-2459|CVE-2012-2459]] | | [[#CVE-2012-2459|CVE-2012-2459]] | ||
Line 81: | Line 81: | ||
|bgcolor=pink| Easy | |bgcolor=pink| Easy | ||
| Block hash collision (via merkle root) | | Block hash collision (via merkle root) | ||
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%] | ||
<!-- | <!-- | ||
|- | |- | ||
Line 99: | Line 99: | ||
|bgcolor=pink| Easy | |bgcolor=pink| Easy | ||
| (Lack of) orphan txn resource limits | | (Lack of) orphan txn resource limits | ||
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%] | ||
|- | |- | ||
| [[#CVE-2012-4682|CVE-2012-4682]] | | [[#CVE-2012-4682|CVE-2012-4682]] | ||
Line 107: | Line 107: | ||
| | | | ||
| | | | ||
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%] | ||
|- | |- | ||
| '''[[CVE-2012-4683]]''' | | '''[[CVE-2012-4683]]''' | ||
Line 115: | Line 115: | ||
| bgcolor=pink| Easy | | bgcolor=pink| Easy | ||
| Targeted DoS by CPU exhaustion using alerts | | Targeted DoS by CPU exhaustion using alerts | ||
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%] | ||
|- | |- | ||
| '''[[CVE-2012-4684]]''' | | '''[[CVE-2012-4684]]''' | ||
Line 123: | Line 123: | ||
| bgcolor=pink| Easy | | bgcolor=pink| Easy | ||
| Network-wide DoS using malleable signatures in alerts | | Network-wide DoS using malleable signatures in alerts | ||
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%] | ||
|- | |- | ||
| [[#CVE-2013-2272|CVE-2013-2272]] | | [[#CVE-2013-2272|CVE-2013-2272]] | ||
Line 131: | Line 131: | ||
|bgcolor=pink| Easy | |bgcolor=pink| Easy | ||
| Remote discovery of node's wallet addresses | | Remote discovery of node's wallet addresses | ||
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%] | ||
|- | |- | ||
| [[#CVE-2013-2273|CVE-2013-2273]] | | [[#CVE-2013-2273|CVE-2013-2273]] | ||
Line 139: | Line 139: | ||
|bgcolor=yellow| Easy | |bgcolor=yellow| Easy | ||
| Predictable change output | | Predictable change output | ||
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%] | ||
|- | |- | ||
| [[#CVE-2013-2292|CVE-2013-2292]] | | [[#CVE-2013-2292|CVE-2013-2292]] | ||
Line 155: | Line 155: | ||
|bgcolor=pink| Easy | |bgcolor=pink| Easy | ||
| Continuous hard disk seek | | Continuous hard disk seek | ||
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%] | ||
|- | |- | ||
| [[#CVE-2013-3219|CVE-2013-3219]] | | [[#CVE-2013-3219|CVE-2013-3219]] | ||
Line 171: | Line 171: | ||
|bgcolor=lime| Hard | |bgcolor=lime| Hard | ||
| Inconsistent BDB lock limit interactions | | Inconsistent BDB lock limit interactions | ||
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%] | ||
|- | |- | ||
| [[#BIP-0034|BIP 0034]] | | [[#BIP-0034|BIP 0034]] | ||
Line 179: | Line 179: | ||
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref> | |bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref> | ||
| Mandatory block protocol update | | Mandatory block protocol update | ||
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%] | ||
|- | |- | ||
| [[#BIP-0050|BIP 0050]] | | [[#BIP-0050|BIP 0050]] | ||
Line 187: | Line 187: | ||
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref> | |bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref> | ||
| Hard fork to remove txid limit protocol rule | | Hard fork to remove txid limit protocol rule | ||
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%] | ||
|- | |- | ||
| [[#CVE-2013-4627|CVE-2013-4627]] | | [[#CVE-2013-4627|CVE-2013-4627]] | ||
Line 195: | Line 195: | ||
|bgcolor=yellow| Easy | |bgcolor=yellow| Easy | ||
| Memory exhaustion with excess tx message data | | Memory exhaustion with excess tx message data | ||
|bgcolor= | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99.9%] | ||
|- | |- | ||
| [[#CVE-2013-4165|CVE-2013-4165]] | | [[#CVE-2013-4165|CVE-2013-4165]] | ||
Line 203: | Line 203: | ||
|bgcolor=lime| Local | |bgcolor=lime| Local | ||
| Timing leak in RPC authentication | | Timing leak in RPC authentication | ||
|bgcolor= | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99.9%] | ||
|- | |- | ||
| [[#CVE-2013-5700|CVE-2013-5700]] | | [[#CVE-2013-5700|CVE-2013-5700]] | ||
Line 211: | Line 211: | ||
|bgcolor=pink| Easy | |bgcolor=pink| Easy | ||
| Remote p2p crash via bloom filters | | Remote p2p crash via bloom filters | ||
|bgcolor= | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%] | ||
|- | |- | ||
| [[#CVE-2014-0160|CVE-2014-0160]] | | [[#CVE-2014-0160|CVE-2014-0160]] | ||
Line 227: | Line 227: | ||
|bgcolor=pink| Easy | |bgcolor=pink| Easy | ||
| (Yet) Unspecified DoS | | (Yet) Unspecified DoS | ||
| | |bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%] | ||
|- | |- | ||
| CVE-2017-9230 | | CVE-2017-9230 | ||
Line 233: | Line 233: | ||
| Bitcoin | | Bitcoin | ||
| ? | | ? | ||
| | |bgcolor=pink| 0% | ||
| ASICBoost | | ASICBoost | ||
|- | |- |
Revision as of 20:17, 14 June 2018
CVE | Announced | Affects | Severity | Attack is... | Flaw | Net |
---|---|---|---|---|---|---|
CVE-2010-5137 | 2010-07-28 | wxBitcoin and bitcoind | DoS[1] | Easy | OP_LSHIFT crash | 100% |
CVE-2010-5141 | 2010-07-28 | wxBitcoin and bitcoind | Theft[2] | Easy | OP_RETURN could be used to spend any output. | 100% |
CVE-2010-5138 | 2010-07-29 | wxBitcoin and bitcoind | DoS[1] | Easy | Unlimited SigOp DoS | 100% |
CVE-2010-5139 | 2010-08-15 | wxBitcoin and bitcoind | Inflation[3] | Easy | Combined output overflow | 100% |
CVE-2010-5140 | 2010-09-29 | wxBitcoin and bitcoind | DoS[1] | Easy | Never confirming transactions | 100% |
CVE-2011-4447 | 2011-11-11 | wxBitcoin and bitcoind | Exposure[4] | Hard | Wallet non-encryption | 100% |
CVE-2012-1909 | 2012-03-07 | Bitcoin protocol and all clients | Netsplit[5] | Very hard | Transaction overwriting | 100% |
CVE-2012-1910 | 2012-03-17 | bitcoind & Bitcoin-Qt for Windows | Unknown[6] | Hard | MingW non-multithreading | 100% |
BIP 0016 | 2012-04-01 | All Bitcoin clients | Fake Conf[7] | Miners[8] | Mandatory P2SH protocol update | 100% |
CVE-2012-2459 | 2012-05-14 | bitcoind and Bitcoin-Qt | Netsplit[5] | Easy | Block hash collision (via merkle root) | 100% |
CVE-2012-3789 | 2012-06-20 | bitcoind and Bitcoin-Qt | DoS[1] | Easy | (Lack of) orphan txn resource limits | 100% |
CVE-2012-4682 | bitcoind and Bitcoin-Qt | DoS[1] | 100% | |||
CVE-2012-4683 | 2012-08-23 | bitcoind and Bitcoin-Qt | DoS[1] | Easy | Targeted DoS by CPU exhaustion using alerts | 100% |
CVE-2012-4684 | 2012-08-24 | bitcoind and Bitcoin-Qt | DoS[1] | Easy | Network-wide DoS using malleable signatures in alerts | 100% |
CVE-2013-2272 | 2013-01-11 | bitcoind and Bitcoin-Qt | Exposure[4] | Easy | Remote discovery of node's wallet addresses | 99.99% |
CVE-2013-2273 | 2013-01-30 | bitcoind and Bitcoin-Qt | Exposure[4] | Easy | Predictable change output | 99.99% |
CVE-2013-2292 | 2013-01-30 | bitcoind and Bitcoin-Qt | DoS[1] | Hard | A transaction that takes at least 3 minutes to verify | 0% |
CVE-2013-2293 | 2013-02-14 | bitcoind and Bitcoin-Qt | DoS[1] | Easy | Continuous hard disk seek | 99.99% |
CVE-2013-3219 | 2013-03-11 | bitcoind and Bitcoin-Qt 0.8.0 | Fake Conf[7] | Miners[8] | Unenforced block protocol rule | 100% |
CVE-2013-3220 | 2013-03-11 | bitcoind and Bitcoin-Qt | Netsplit[5] | Hard | Inconsistent BDB lock limit interactions | 99.99% |
BIP 0034 | 2013-03-25 | All Bitcoin clients | Fake Conf[7] | Miners[8] | Mandatory block protocol update | 100% |
BIP 0050 | 2013-05-15 | All Bitcoin clients | Netsplit[5] | Implicit[9] | Hard fork to remove txid limit protocol rule | 99.99% |
CVE-2013-4627 | 2013-06-?? | bitcoind and Bitcoin-Qt | DoS[1] | Easy | Memory exhaustion with excess tx message data | 99.9% |
CVE-2013-4165 | 2013-07-20 | bitcoind and Bitcoin-Qt | Theft[10] | Local | Timing leak in RPC authentication | 99.9% |
CVE-2013-5700 | 2013-09-04 | bitcoind and Bitcoin-Qt 0.8.x | DoS[1] | Easy | Remote p2p crash via bloom filters | 99.9% |
CVE-2014-0160 | 2014-04-07 | Anything using OpenSSL for TLS | Unknown[6] | Easy | Remote memory leak via payment protocol | Unknown |
CVE-2015-3641 | 2014-07-07 | Bitcoind and QT prior to 0.10.2 | DoS[1] | Easy | (Yet) Unspecified DoS | 99% |
CVE-2017-9230 | ? | Bitcoin | ? | 0% | ASICBoost | |
CVE-2017-12842 | 2018-06-09 |
- ↑ 1.00 1.01 1.02 1.03 1.04 1.05 1.06 1.07 1.08 1.09 1.10 1.11 Attacker can disable some functionality, for example by crashing clients
- ↑ Attacker can take coins outside known network rules
- ↑ Attacker can create coins outside known network rules
- ↑ 4.0 4.1 4.2 Attacker can access user data outside known acceptable methods
- ↑ 5.0 5.1 5.2 5.3 Attacker can create multiple views of the network, enabling double-spending with over 1 confirmation
- ↑ 6.0 6.1 Extent of possible abuse is unknown
- ↑ 7.0 7.1 7.2 Attacker can double-spend with 1 confirmation
- ↑ 8.0 8.1 8.2 Attacking requires mining block(s)
- ↑ This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.
- ↑ Local attacker could potentially determine the RPC passphrase via a timing sidechannel.
CVE-2010-5137
Date: 2010-07-28 Summary: OP_LSHIFT crash Fix Deployment: 100%
Affected | Fix | |
---|---|---|
bitcoind wxBitcoin |
* - 0.3.4 | 0.3.5 |
On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.
After these bugs were discovered, many currently-unused script words were disabled for safety.
References
CVE-2010-5141
Date: 2010-07-28 Summary: ? Fix Deployment: 100%
Affected | Fix | |
---|---|---|
bitcoind wxBitcoin |
* - 0.3.4 | 0.3.5 |
On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.
After these bugs were discovered, many currently-unused script words were disabled for safety.
References
CVE-2010-5138
Date: 2010-07-29 Summary: Unlimited SigOp DoS Fix Deployment: 100%
Affected | Fix | |
---|---|---|
bitcoind wxBitcoin |
* - 0.3.? | 0.3.? |
On July 29 2010, it was discovered that block 71036 contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).
References
CVE-2010-5139
- Main article: CVE-2010-5139
Date: 2010-08-15 Summary: Combined output overflow Fix Deployment: 100%
Affected | Fix | |
---|---|---|
bitcoind wxBitcoin |
* - 0.3.10 | 0.3.11 |
On August 15 2010, it was discovered that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.
The block and transaction:
CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba, nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2) CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0) CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00) CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7) CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0) CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC) CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7) CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512) vMerkleTree: 012cd8 1d5e51 618eba Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9
References
CVE-2010-5140
Date: 2010-09-29 Summary: Never confirming transactions Fix Deployment: 100%
Affected | Fix | |
---|---|---|
bitcoind wxBitcoin |
* - 0.3.12 | 0.3.13 |
Around September 29, 2010, people started reporting that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.
Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.
References
CVE-2011-4447
Date: 2011-11-11 Summary: Wallet non-encryption Fix Deployment: 100%
Affected | Fix | |
---|---|---|
bitcoind wxBitcoin |
0.4.0 - 0.4.1rc6 | 0.4.1 0.5.0 |
References
CVE-2012-1909
Date: 2012-03-07 Summary: Transaction overwriting Fix Deployment: 99%
Affected | Fix | |
---|---|---|
Bitcoin protocol | Before March 15th, 2012 | BIP 30 |
Bitcoin-Qt bitcoind |
* - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 |
0.4.4 0.5.0.4 0.5.3 0.6.0rc3 |
wxBitcoin | ALL | NONE |
References
CVE-2012-1910
Date: 2012-03-17 Summary: MingW non-multithreading Fix Deployment: 100%
Affected | Fix | |
---|---|---|
bitcoind for Windows Bitcoin-Qt for Windows |
0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 |
0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4 |
References
BIP-0016
Date: 2012-04-01 Summary: Mandatory P2SH protocol update Deployment: 99%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
* - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 |
0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2 |
wxBitcoin | ALL | NONE |
References
CVE-2012-2459
Date: 2012-05-14 Summary: Block hash collision (via merkle tree) Fix Deployment: 99%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
* - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 |
0.4.6 0.5.5 0.6.0.7 0.6.1rc2 |
Block hash collisions can easily be made by duplicating transactions in the merkle tree. Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash. This could be used to fork the blockchain, including deep double-spend attacks.
References
CVE-2012-3789
- Main article: CVE-2012-3789
Date: 2012-06-20 Summary: (Lack of) orphan txn resource limits Fix Deployment: 99%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
* - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 |
0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1 |
References
CVE-2012-4682
Date: Summary: Fix Deployment: 98%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
* - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 |
0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1 |
References
CVE-2012-4683
- Main article: CVE-2012-4683
Date: 2012-08-23 Summary: Targeted DoS by CPU exhaustion using alerts Fix Deployment: 98%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
* - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 |
0.7.0 |
References
CVE-2012-4684
- Main article: CVE-2012-4684
Date: 2012-08-24 Summary: Network-wide DoS using malleable signatures in alerts Fix Deployment: 98%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
* - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 |
0.7.0 |
References
CVE-2013-2272
Date: 2013-01-11 Summary: Remote discovery of node's wallet addresses Fix Deployment: 97%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
* - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 |
0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1 |
References
CVE-2013-2273
Date: 2013-01-30 Summary: Predictable change output Fix Deployment: 97%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
* - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 |
0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1 |
References
CVE-2013-2292
Date: 2013-01-30 Summary: A transaction that takes at least 3 minutes to verify Fix Deployment: 0%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
All versions | No fix yet |
References
CVE-2013-2293
- Main article: CVE-2013-2293
Date: 2013-02-14 Summary: Continuous hard disk seek Fix Deployment: 97%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
* - 0.7.3rc1 | No fix yet (0.8.0 unaffected) |
References
CVE-2013-3219
Date: 2013-03-11 Summary: Unenforced block protocol rule Fix Deployment: 100%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
0.8.0rc1 - 0.8.0 | 0.8.1 |
References
CVE-2013-3220
Date: 2013-03-11 Summary: Inconsistent BDB lock limit interactions Fix Deployment: 97%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
* - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 |
0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2 |
wxBitcoin | ALL | NONE |
References
BIP-0034
Date: 2013-03-25 Summary: Mandatory block protocol update Deployment: 99%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
* - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 |
0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1 |
wxBitcoin | ALL | NONE |
References
BIP-0050
Date: 2013-05-15 Summary: Hard fork to remove txid limit protocol rule Deployment: 97%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
* - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 |
0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2 |
wxBitcoin | ALL | NONE |
References
CVE-2013-4627
Date: 2013-06-?? Summary: Memory exhaustion with excess tx message data Fix Deployment: 57%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
* - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 |
0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4 |
wxBitcoin | ALL | NONE |
References
CVE-2013-4165
Date: 2013-07-20 Summary: Timing leak in RPC authentication Fix Deployment: 57%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
* - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 |
0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1 |
wxBitcoin | ALL | NONE |
References
CVE-2013-5700
Date: 2013-09-04 Summary: Remote p2p crash via bloom filters Fix Deployment: 61%
Affected | Fix | |
---|---|---|
Bitcoin-Qt bitcoind |
0.8.0rc1 - 0.8.3 | 0.8.4rc1 |
References
Definitions
A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited[1].
See Also
References
|