Difference between revisions of "Common Vulnerabilities and Exposures"

From Bitcoin Wiki
Jump to: navigation, search
(BIP-0050: 0.6.0.x will not be updated)
m (update %s)
Line 49: Line 49:
 
|bgcolor=lime| Hard
 
|bgcolor=lime| Hard
 
| Wallet non-encryption
 
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 99%]
+
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
 
|-
 
|-
 
| [[#CVE-2012-1909|CVE-2012-1909]]
 
| [[#CVE-2012-1909|CVE-2012-1909]]
Line 57: Line 57:
 
|bgcolor=lime| Very hard
 
|bgcolor=lime| Very hard
 
| Transaction overwriting
 
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 97%]
+
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 99%]
 
|-
 
|-
 
| [[#CVE-2012-1910|CVE-2012-1910]]
 
| [[#CVE-2012-1910|CVE-2012-1910]]
Line 73: Line 73:
 
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
 
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
 
| Mandatory P2SH protocol update
 
| Mandatory P2SH protocol update
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 97%]
+
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 99%]
 
|-
 
|-
 
| [[#CVE-2012-2459|CVE-2012-2459]]
 
| [[#CVE-2012-2459|CVE-2012-2459]]
Line 81: Line 81:
 
|bgcolor=pink| Easy
 
|bgcolor=pink| Easy
 
| Block hash collision (via merkle root)
 
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 97%]
+
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 99%]
 
<!--
 
<!--
 
|-
 
|-
Line 99: Line 99:
 
|bgcolor=pink| Easy
 
|bgcolor=pink| Easy
 
| (Lack of) orphan txn resource limits
 
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-3789 94%]
+
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-3789 97%]
 
|-
 
|-
 
| [[#CVE-2012-4682|CVE-2012-4682]]
 
| [[#CVE-2012-4682|CVE-2012-4682]]
Line 107: Line 107:
 
|  
 
|  
 
|  
 
|  
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 88%]
+
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 96%]
 
|-
 
|-
 
| [[#CVE-2012-4683|CVE-2012-4683]]
 
| [[#CVE-2012-4683|CVE-2012-4683]]
Line 115: Line 115:
 
| bgcolor=pink| Easy
 
| bgcolor=pink| Easy
 
| Targeted DoS by CPU exhaustion using alerts
 
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 88%]
+
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 96%]
 
|-
 
|-
 
| [[#CVE-2012-4684|CVE-2012-4684]]
 
| [[#CVE-2012-4684|CVE-2012-4684]]
Line 123: Line 123:
 
| bgcolor=pink| Easy
 
| bgcolor=pink| Easy
 
| Network-wide DoS using malleable signatures in alerts
 
| Network-wide DoS using malleable signatures in alerts
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124683 88%]
+
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 96%]
 
|-
 
|-
 
| [[#CVE-2013-2272|CVE-2013-2272]]
 
| [[#CVE-2013-2272|CVE-2013-2272]]
Line 131: Line 131:
 
|bgcolor=pink| Easy
 
|bgcolor=pink| Easy
 
| Remote discovery of node's wallet addresses
 
| Remote discovery of node's wallet addresses
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 52%]
+
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 87%]
 
|-
 
|-
 
| [[#CVE-2013-2273|CVE-2013-2273]]
 
| [[#CVE-2013-2273|CVE-2013-2273]]
Line 139: Line 139:
 
|bgcolor=yellow| Easy
 
|bgcolor=yellow| Easy
 
| Predictable change output
 
| Predictable change output
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 52%]
+
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 87%]
 
|-
 
|-
 
| [[#CVE-2013-2292|CVE-2013-2292]]
 
| [[#CVE-2013-2292|CVE-2013-2292]]
Line 155: Line 155:
 
|bgcolor=pink| Easy
 
|bgcolor=pink| Easy
 
| Continuous hard disk seek
 
| Continuous hard disk seek
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 52%]
+
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 87%]
 
|-
 
|-
 
| [[#Unassigned-20120311|Pending]]
 
| [[#Unassigned-20120311|Pending]]
Line 179: Line 179:
 
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
 
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
 
| Mandatory block protocol update
 
| Mandatory block protocol update
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 88%]
+
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 96%]
 
|-
 
|-
 
| [[#BIP-0050|BIP 0050]]
 
| [[#BIP-0050|BIP 0050]]
Line 306: Line 306:
 
  <b>Date:</b> 2011-11-11
 
  <b>Date:</b> 2011-11-11
 
  <b>Summary:</b> Wallet non-encryption
 
  <b>Summary:</b> Wallet non-encryption
  <b>Fix Deployment:</b> 99%
+
  <b>Fix Deployment:</b> 100%
 
{| class='wikitable'
 
{| class='wikitable'
 
!colspan='2'| Affected !! Fix
 
!colspan='2'| Affected !! Fix
Line 324: Line 324:
 
  <b>Date:</b> 2012-03-07
 
  <b>Date:</b> 2012-03-07
 
  <b>Summary:</b> Transaction overwriting
 
  <b>Summary:</b> Transaction overwriting
  <b>Fix Deployment:</b> 97%
+
  <b>Fix Deployment:</b> 99%
 
{| class='wikitable'
 
{| class='wikitable'
 
!colspan='2'| Affected !! Fix
 
!colspan='2'| Affected !! Fix
Line 360: Line 360:
 
  <b>Date:</b> 2012-04-01
 
  <b>Date:</b> 2012-04-01
 
  <b>Summary:</b> Mandatory P2SH protocol update
 
  <b>Summary:</b> Mandatory P2SH protocol update
  <b>Deployment:</b> 97%
+
  <b>Deployment:</b> 99%
 
{| class='wikitable'
 
{| class='wikitable'
 
!colspan='2'| Affected !! Fix
 
!colspan='2'| Affected !! Fix
Line 376: Line 376:
 
  <b>Date:</b> 2012-05-14
 
  <b>Date:</b> 2012-05-14
 
  <b>Summary:</b> Block hash collision (via merkle tree)
 
  <b>Summary:</b> Block hash collision (via merkle tree)
  <b>Fix Deployment:</b> 97%
+
  <b>Fix Deployment:</b> 99%
 
{| class='wikitable'
 
{| class='wikitable'
 
!colspan='2'| Affected !! Fix
 
!colspan='2'| Affected !! Fix
Line 397: Line 397:
 
  <b>Date:</b> 2012-06-20
 
  <b>Date:</b> 2012-06-20
 
  <b>Summary:</b> (Lack of) orphan txn resource limits
 
  <b>Summary:</b> (Lack of) orphan txn resource limits
  <b>Fix Deployment:</b> 94%
+
  <b>Fix Deployment:</b> 97%
 
{| class='wikitable'
 
{| class='wikitable'
 
!colspan='2'| Affected !! Fix
 
!colspan='2'| Affected !! Fix
Line 413: Line 413:
 
  <b>Date:</b>  
 
  <b>Date:</b>  
 
  <b>Summary:</b>  
 
  <b>Summary:</b>  
  <b>Fix Deployment:</b> 88%
+
  <b>Fix Deployment:</b> 96%
 
{| class='wikitable'
 
{| class='wikitable'
 
!colspan='2'| Affected !! Fix
 
!colspan='2'| Affected !! Fix
Line 428: Line 428:
 
  <b>Date:</b> 2012-08-23
 
  <b>Date:</b> 2012-08-23
 
  <b>Summary:</b> Targeted DoS by CPU exhaustion using alerts
 
  <b>Summary:</b> Targeted DoS by CPU exhaustion using alerts
  <b>Fix Deployment:</b> 88%
+
  <b>Fix Deployment:</b> 96%
 
{| class='wikitable'
 
{| class='wikitable'
 
!colspan='2'| Affected !! Fix
 
!colspan='2'| Affected !! Fix
Line 444: Line 444:
 
  <b>Date:</b> 2012-08-24
 
  <b>Date:</b> 2012-08-24
 
  <b>Summary:</b> Network-wide DoS using malleable signatures in alerts
 
  <b>Summary:</b> Network-wide DoS using malleable signatures in alerts
  <b>Fix Deployment:</b> 88%
+
  <b>Fix Deployment:</b> 96%
 
{| class='wikitable'
 
{| class='wikitable'
 
!colspan='2'| Affected !! Fix
 
!colspan='2'| Affected !! Fix
Line 459: Line 459:
 
  <b>Date:</b> 2013-01-11
 
  <b>Date:</b> 2013-01-11
 
  <b>Summary:</b> Remote discovery of node's wallet addresses
 
  <b>Summary:</b> Remote discovery of node's wallet addresses
  <b>Fix Deployment:</b> 52%
+
  <b>Fix Deployment:</b> 87%
 
{| class='wikitable'
 
{| class='wikitable'
 
!colspan='2'| Affected !! Fix
 
!colspan='2'| Affected !! Fix
Line 474: Line 474:
  
 
  <b>Date:</b> 2013-01-30
 
  <b>Date:</b> 2013-01-30
  <b>Summary:</b> Predictable change output  
+
  <b>Summary:</b> Predictable change output
  <b>Fix Deployment:</b> 52%
+
  <b>Fix Deployment:</b> 87%
 
{| class='wikitable'
 
{| class='wikitable'
 
!colspan='2'| Affected !! Fix
 
!colspan='2'| Affected !! Fix
Line 506: Line 506:
 
  <b>Date:</b> 2013-02-14
 
  <b>Date:</b> 2013-02-14
 
  <b>Summary:</b> Continuous hard disk seek
 
  <b>Summary:</b> Continuous hard disk seek
  <b>Fix Deployment:</b> 52%
+
  <b>Fix Deployment:</b> 87%
 
{| class='wikitable'
 
{| class='wikitable'
 
!colspan='2'| Affected !! Fix
 
!colspan='2'| Affected !! Fix
Line 553: Line 553:
 
  <b>Date:</b> 2013-03-25
 
  <b>Date:</b> 2013-03-25
 
  <b>Summary:</b> Mandatory block protocol update
 
  <b>Summary:</b> Mandatory block protocol update
  <b>Deployment:</b> 88%
+
  <b>Deployment:</b> 96%
 
{| class='wikitable'
 
{| class='wikitable'
 
!colspan='2'| Affected !! Fix
 
!colspan='2'| Affected !! Fix

Revision as of 03:10, 19 April 2013

CVE Announced Affects Severity Attack is... Flaw Net
CVE-2010-5137 2010-07-28 wxBitcoin and bitcoind DoS[1] Easy OP_LSHIFT crash 100%
CVE-2010-5141 2010-07-28 wxBitcoin and bitcoind Theft[2] Easy 100%
CVE-2010-5138 2010-07-29 wxBitcoin and bitcoind DoS[1] Easy Unlimited SigOp DoS 100%
CVE-2010-5139 2010-08-15 wxBitcoin and bitcoind Theft[2] Easy Combined output overflow 100%
CVE-2010-5140 2010-09-29 wxBitcoin and bitcoind DoS[1] Easy Never confirming transactions 100%
CVE-2011-4447 2011-11-11 wxBitcoin and bitcoind Exposure[3] Hard Wallet non-encryption 100%
CVE-2012-1909 2012-03-07 Bitcoin protocol and all clients Netsplit[4] Very hard Transaction overwriting 99%
CVE-2012-1910 2012-03-17 Bitcoin-Qt for Windows Unknown[5] Hard MingW non-multithreading 100%
BIP 0016 2012-04-01 All Bitcoin clients Fake Conf[6] Miners[7] Mandatory P2SH protocol update 99%
CVE-2012-2459 2012-05-14 bitcoind and Bitcoin-Qt Netsplit[4] Easy Block hash collision (via merkle root) 99%
CVE-2012-3789 2012-06-20 bitcoind and Bitcoin-Qt DoS[1] Easy (Lack of) orphan txn resource limits 97%
CVE-2012-4682 bitcoind and Bitcoin-Qt DoS[1] 96%
CVE-2012-4683 2012-08-23 bitcoind and Bitcoin-Qt DoS[1] Easy Targeted DoS by CPU exhaustion using alerts 96%
CVE-2012-4684 2012-08-24 bitcoind and Bitcoin-Qt DoS[1] Easy Network-wide DoS using malleable signatures in alerts 96%
CVE-2013-2272 2013-01-11 bitcoind and Bitcoin-Qt Exposure[3] Easy Remote discovery of node's wallet addresses 87%
CVE-2013-2273 2013-01-30 bitcoind and Bitcoin-Qt Exposure[3] Easy Predictable change output 87%
CVE-2013-2292 2013-01-30 bitcoind and Bitcoin-Qt DoS[1] Hard A transaction that takes at least 3 minutes to verify -
CVE-2013-2293 2013-02-14 bitcoind and Bitcoin-Qt DoS[1] Easy Continuous hard disk seek 87%
Pending 2013-03-11 bitcoind and Bitcoin-Qt 0.8.0 Fake Conf[6] Miners[7] Unenforced block protocol rule  ?
Pending 2013-03-11 bitcoind and Bitcoin-Qt Netsplit[4] Hard Inconsistent BDB lock limit interactions  ?
BIP 0034 2013-03-25 All Bitcoin clients Fake Conf[6] Miners[7] Mandatory block protocol update 96%
BIP 0050 2013-05-15 All Bitcoin clients Netsplit[4] Implicit[8] Hard fork to remove txid limit protocol rule  ?
  1. 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 Attacker can disable some functionality, for example by crashing clients
  2. 2.0 2.1 Attacker can take or create money outside known network rules
  3. 3.0 3.1 3.2 Attacker can access user data outside known acceptable methods
  4. 4.0 4.1 4.2 4.3 Attacker can create multiple views of the network, enabling double-spending with over 1 confirmation
  5. Extent of possible abuse is unknown
  6. 6.0 6.1 6.2 Attacker can double-spend with 1 confirmation
  7. 7.0 7.1 7.2 Attacking requires mining block(s)
  8. This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.


CVE-2010-5137

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
Affected Fix
bitcoind
wxBitcoin
* - 0.3.4 0.3.5

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

References


CVE-2010-5141

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
Affected Fix
bitcoind
wxBitcoin
* - 0.3.4 0.3.5

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

References


CVE-2010-5138

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
Affected Fix
bitcoind
wxBitcoin
* - 0.3.? 0.3.?

On July 29 2010, it was discovered that block 71036 contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

References


CVE-2010-5139

Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
Affected Fix
bitcoind
wxBitcoin
* - 0.3.10 0.3.11

On August 15 2010, it was discovered that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:

CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
  CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
    CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
    CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
  CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
    CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
    CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
    CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
  vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9

References


CVE-2010-5140

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
Affected Fix
bitcoind
wxBitcoin
* - 0.3.12 0.3.13

Around September 29, 2010, people started reporting that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

References


CVE-2011-4447

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
Affected Fix
bitcoind
wxBitcoin
0.4.0 - 0.4.1rc6 0.4.1
0.5.0

References


CVE-2012-1909

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 99%
Affected Fix
Bitcoin protocol Before March 15th, 2012 BIP 30
Bitcoin-Qt
bitcoind
* - 0.4.4rc2
0.5.0rc1 - 0.5.0.4rc2
0.5.1rc1 - 0.5.3rc2
0.6.0rc1 - 0.6.0rc2
0.4.4
0.5.0.4
0.5.3
0.6.0rc3
wxBitcoin ALL NONE

References

CVE-2012-1910

Date: 2012-03-17
Summary: MingW non-multithreading
Fix Deployment: 100%
Affected Fix
Bitcoin-Qt for Windows 0.5.0rc1 - 0.5.0.4
0.5.1rc1 - 0.5.3.0
0.6.0rc1 - 0.6.0rc3
0.5.0.5
0.5.3.1
0.5.4
0.6.0rc4

References

BIP-0016

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 99%
Affected Fix
Bitcoin-Qt
bitcoind
* - 0.4.4
0.5.0rc1 - 0.5.0.5
0.5.1rc1 - 0.5.3
0.6.0rc1
0.4.5
0.5.0.6
0.5.4rc1
0.6.0rc2
wxBitcoin ALL NONE

References

CVE-2012-2459

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 99%
Affected Fix
Bitcoin-Qt
bitcoind
* - 0.4.6rc1
0.5.0rc1 - 0.5.5rc1
0.6.0rc1 - 0.6.0.7rc1
0.6.1rc1 - 0.6.1rc1
0.4.6
0.5.5
0.6.0.7
0.6.1rc2

Block hash collisions can easily be made by duplicating transactions in the merkle tree. Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash. This could be used to fork the blockchain, including deep double-spend attacks.

References

CVE-2012-3789

Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 97%
Affected Fix
Bitcoin-Qt
bitcoind
* - 0.4.7rc2
0.5.0rc1 - 0.5.6rc2
0.6.0rc1 - 0.6.0.8rc2
0.6.1rc1 - 0.6.2.2
0.4.7rc3
0.5.6rc3
0.6.0.9rc1
0.6.3rc1

References

CVE-2012-4682

Date: 
Summary: 
Fix Deployment: 96%
Affected Fix
Bitcoin-Qt
bitcoind
* - 0.4.7rc2
0.5.0rc1 - 0.5.6rc2
0.6.0rc1 - 0.6.0.8rc2
0.6.1rc1 - 0.6.2.2
0.4.7rc3
0.5.6rc3
0.6.0.9rc1
0.6.3rc1

References

CVE-2012-4683

Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 96%
Affected Fix
Bitcoin-Qt
bitcoind
* - 0.4.7rc2
0.5.0rc1 - 0.5.6rc2
0.6.0rc1 - 0.6.0.8rc2
0.6.1rc1 - 0.6.2.2
0.7.0

References

CVE-2012-4684

Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 96%
Affected Fix
Bitcoin-Qt
bitcoind
* - 0.4.7rc2
0.5.0rc1 - 0.5.6rc2
0.6.0rc1 - 0.6.0.8rc2
0.6.1rc1 - 0.6.2.2 - 0.6.3rc1
0.7.0

References

CVE-2013-2272

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 87%
Affected Fix
Bitcoin-Qt
bitcoind
* - 0.4.8rc4
0.5.0rc1 - 0.5.7
0.6.0rc1 - 0.6.0.10rc4
0.6.1rc1 - 0.6.4rc4
0.7.0rc1 - 0.7.2
0.4.9rc1
0.5.8rc1
0.6.0.11rc1
0.6.5rc1
0.7.3rc1

References

CVE-2013-2273

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 87%
Affected Fix
Bitcoin-Qt
bitcoind
* - 0.4.8rc4
0.5.0rc1 - 0.5.7
0.6.0rc1 - 0.6.0.10rc4
0.6.1rc1 - 0.6.4rc4
0.7.0rc1 - 0.7.2
0.4.9rc1
0.5.8rc1
0.6.0.11rc1
0.6.5rc1
0.7.3rc1

References

CVE-2013-2292

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: -
Affected Fix
Bitcoin-Qt
bitcoind
All versions No fix yet

References

CVE-2013-2293

Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 87%
Affected Fix
Bitcoin-Qt
bitcoind
* - 0.7.3rc1 No fix yet (0.8.0 unaffected)

References

Unassigned-20120311

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: ?
Affected Fix
Bitcoin-Qt
bitcoind
0.8.0rc1 - 0.8.0 0.8.1

References

Unassigned-20120312

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: ?
Affected Fix
Bitcoin-Qt
bitcoind
* - 0.4.9rc1
0.5.0rc1 - 0.5.8rc1
0.6.0rc1 - 0.6.0.11rc1
0.6.1rc1 - 0.6.5rc1
0.7.0rc1 - 0.7.3rc1
0.4.9rc2
0.5.8rc2
0.6.0.12rc1
0.6.5rc2
0.7.3rc2
wxBitcoin ALL NONE

References

BIP-0034

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 96%
Affected Fix
Bitcoin-Qt
bitcoind
* - 0.4.7
0.5.0rc1 - 0.5.7
0.6.0rc1 - 0.6.0.9
0.6.1rc1 - 0.6.3
0.4.8rc1
0.5.7rc1
0.6.0.10rc1
0.6.4rc1
wxBitcoin ALL NONE

References

BIP-0050

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: ?
Affected Fix
Bitcoin-Qt
bitcoind
* - 0.4.9rc1
0.5.0rc1 - 0.5.8rc1
0.6.0rc1 - 0.6.5rc1
0.7.0rc1 - 0.7.3rc1
0.4.9rc2
0.5.8rc2
0.6.5rc2
0.7.3rc2
wxBitcoin ALL NONE

References

Definitions

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited[1].

See Also

References