PT-2013-3633 · Bitcoin · Bitcoin-Qt+1

Published: 2013-03-12 · Updated: 2020-03-18 · CVE-2013-2272

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

bitcoind versions prior to 0.4.9rc1
bitcoind versions 0.5.x prior to 0.5.8rc1
bitcoind versions 0.6.0 prior to 0.6.0.11rc1
bitcoind versions 0.6.1 through 0.6.5 prior to 0.6.5rc1
bitcoind versions 0.7.x prior to 0.7.3rc1
Bitcoin-Qt versions prior to 0.4.9rc1
Bitcoin-Qt versions 0.5.x prior to 0.5.8rc1
Bitcoin-Qt versions 0.6.0 prior to 0.6.0.11rc1
Bitcoin-Qt versions 0.6.1 through 0.6.5 prior to 0.6.5rc1
Bitcoin-Qt versions 0.7.x prior to 0.7.3rc1

Description

The issue allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees. This is due to a flaw in the penny-flooding protection mechanism in the CTxMemPool::accept method.

Recommendations

For bitcoind and Bitcoin-Qt versions prior to 0.4.9rc1, update to version 0.4.9rc1 or later.
For bitcoind and Bitcoin-Qt versions 0.5.x prior to 0.5.8rc1, update to version 0.5.8rc1 or later.
For bitcoind and Bitcoin-Qt versions 0.6.0 prior to 0.6.0.11rc1, update to version 0.6.0.11rc1 or later.
For bitcoind and Bitcoin-Qt versions 0.6.1 through 0.6.5 prior to 0.6.5rc1, update to version 0.6.5rc1 or later.
For bitcoind and Bitcoin-Qt versions 0.7.x prior to 0.7.3rc1, update to version 0.7.3rc1 or later.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2013-2272

Affected Products

Bitcoin-Qt
Bitcoind