PT-2013-3640 · Bitcoin+1 · Bitcoin-Qt+2

Sergio Demian Lerner

Publicado

2013-03-12

Atualizado

2020-03-18

CVE-2013-2293

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Bitcoin-Qt versions prior to 0.8.0rc1 bitcoind versions prior to 0.8.0rc1

Description The issue allows remote attackers to cause a denial of service by consuming disk I/O via a Bitcoin transaction with many inputs corresponding to different parts of the stored block chain. This is due to the CTransaction::FetchInputs method copying transactions from disk to memory without checking for spent prevouts.

Recommendations For bitcoind versions prior to 0.8.0rc1, update to version 0.8.0rc1 or later to resolve the issue. For Bitcoin-Qt versions prior to 0.8.0rc1, update to version 0.8.0rc1 or later to resolve the issue.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

ALT-PU-2014-2074

CVE-2013-2293

Produtos afetados

Alt Linux

Bitcoin-Qt

Bitcoind

PT-2013-3640 · Bitcoin+1 · Bitcoin-Qt+2

CVE-2013-2293

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8