CVE-2017-12842

Name of the Vulnerable Software and Affected Versions: Bitcoin Core versions prior to 0.14

Description: The issue allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount.

Recommendations: For versions prior to 0.14, update to version 0.14 or later to resolve the issue. As a temporary workaround, consider restricting the reliance on SPV proofs for transactions of a greater dollar amount in autonomous systems.