PT-2013-3633 · Bitcoin · Bitcoin-Qt+1
Publicado
2013-03-12
·
Atualizado
2020-03-18
·
CVE-2013-2272
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
bitcoind versions prior to 0.4.9rc1
bitcoind versions 0.5.x prior to 0.5.8rc1
bitcoind versions 0.6.0 prior to 0.6.0.11rc1
bitcoind versions 0.6.1 through 0.6.5 prior to 0.6.5rc1
bitcoind versions 0.7.x prior to 0.7.3rc1
Bitcoin-Qt versions prior to 0.4.9rc1
Bitcoin-Qt versions 0.5.x prior to 0.5.8rc1
Bitcoin-Qt versions 0.6.0 prior to 0.6.0.11rc1
Bitcoin-Qt versions 0.6.1 through 0.6.5 prior to 0.6.5rc1
Bitcoin-Qt versions 0.7.x prior to 0.7.3rc1
Description
The issue allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees. This is due to a flaw in the penny-flooding protection mechanism in the CTxMemPool::accept method.
Recommendations
For bitcoind and Bitcoin-Qt versions prior to 0.4.9rc1, update to version 0.4.9rc1 or later.
For bitcoind and Bitcoin-Qt versions 0.5.x prior to 0.5.8rc1, update to version 0.5.8rc1 or later.
For bitcoind and Bitcoin-Qt versions 0.6.0 prior to 0.6.0.11rc1, update to version 0.6.0.11rc1 or later.
For bitcoind and Bitcoin-Qt versions 0.6.1 through 0.6.5 prior to 0.6.5rc1, update to version 0.6.5rc1 or later.
For bitcoind and Bitcoin-Qt versions 0.7.x prior to 0.7.3rc1, update to version 0.7.3rc1 or later.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bitcoin-Qt
Bitcoind