PT-2013-3634 · Bitcoin · Bitcoin-Qt+1
Published
2013-03-12
·
Updated
2020-03-18
·
CVE-2013-2273
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
bitcoind and Bitcoin-Qt versions 0.4.9rc1 and earlier, 0.5.x versions prior to 0.5.8rc1, 0.6.0 versions prior to 0.6.0.11rc1, 0.6.1 through 0.6.5 versions prior to 0.6.5rc1, 0.7.x versions prior to 0.7.3rc1
Description
The issue makes it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction.
Recommendations
For bitcoind and Bitcoin-Qt versions 0.4.9rc1 and earlier, update to version 0.4.9rc1 or later.
For 0.5.x versions prior to 0.5.8rc1, update to version 0.5.8rc1 or later.
For 0.6.0 versions prior to 0.6.0.11rc1, update to version 0.6.0.11rc1 or later.
For 0.6.1 through 0.6.5 versions prior to 0.6.5rc1, update to version 0.6.5rc1 or later.
For 0.7.x versions prior to 0.7.3rc1, update to version 0.7.3rc1 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bitcoin-Qt
Bitcoind