PT-2023-24276 · Unknown+1 · Bitcoin Core+1

Kev

Publicado

2023-05-22

Atualizado

2024-11-14

CVE-2023-33297

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Bitcoin Core versions prior to 24.1

Description The issue allows attackers to cause a denial of service, specifically CPU consumption, because draining the inventory-to-send queue is inefficient. This has been exploited in the wild in May 2023.

Recommendations For Bitcoin Core versions prior to 24.1, update to version 24.1 or later to resolve the issue. As a temporary workaround, consider enabling debug mode to mitigate the risk of CPU consumption attacks. Restrict access to the inventory-to-send queue to minimize the risk of exploitation.

Correção

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

ALT-PU-2023-1884

ALT-PU-2024-15200

CVE-2023-33297

Produtos afetados

Alt Linux

Bitcoin Core

PT-2023-24276 · Unknown+1 · Bitcoin Core+1

CVE-2023-33297

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 35