CVE-2016-10725

Sažetak

In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.

Reference

https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
https://github.com/JinBean/CVE-Extension
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

18-03-2020 - 17:07

Objavljeno

05-07-2018 - 22:29