PT-2013-3640 · Bitcoin+1 · Bitcoin-Qt+2

Sergio Demian Lerner

Published

2013-03-12

Updated

2020-03-18

CVE-2013-2293

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Bitcoin-Qt versions prior to 0.8.0rc1 bitcoind versions prior to 0.8.0rc1

Description The issue allows remote attackers to cause a denial of service by consuming disk I/O via a Bitcoin transaction with many inputs corresponding to different parts of the stored block chain. This is due to the CTransaction::FetchInputs method copying transactions from disk to memory without checking for spent prevouts.

Recommendations For bitcoind versions prior to 0.8.0rc1, update to version 0.8.0rc1 or later to resolve the issue. For Bitcoin-Qt versions prior to 0.8.0rc1, update to version 0.8.0rc1 or later to resolve the issue.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALT-PU-2014-2074

CVE-2013-2293

Affected Products

Alt Linux

Bitcoin-Qt

Bitcoind

PT-2013-3640 · Bitcoin+1 · Bitcoin-Qt+2

CVE-2013-2293

Weakness Enumeration

Related Identifiers

Affected Products

References · 8