CVE-2015-6964

Name of the Vulnerable Software and Affected Versions MultiBit HD versions prior to 0.1.2

Description The issue allows attackers to conduct bit-flipping attacks, inserting unspendable Bitcoin addresses into the list used to send fees to the developers. This is due to the lack of a message authentication code (MAC), but attackers cannot realistically steal these fees for themselves.

Recommendations For versions prior to 0.1.2, update to version 0.1.2 or later to resolve the issue. As a temporary workaround, consider disabling the feature that sends fees to the developers until a patch is available. Restrict access to the list of Bitcoin addresses used for fee payments to minimize the risk of exploitation.