CVE-2016-10724

Sažetak

Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.

Reference

https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
https://github.com/JinBean/CVE-Extension
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html

CVSS

Base:	7.8
Impact:	6.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

18-03-2020 - 17:07

Objavljeno

05-07-2018 - 22:29