Bitcoin Core Fixes High Severity Vulnerabilities, Exposes 2015 Data Leak Risk
July 4, 2024
Bitcoin Core recently addressed a high severity vulnerability related to banned IP addresses and a medium severity issue affecting unconfirmed transactions.
A Medium severity vulnerability in miniupnpc, identified in 2015 by Wladimir J. Van Der Laan, could have led to a data leak and remote code execution in Bitcoin Core.
This issue, CVE-2015-6031, was fixed in Bitcoin Core version 0.12 in February 2016.
The vulnerability allowed for remote crashes and, when combined with a buffer overflow in miniupnpc, could result in remote code execution.
Aleksandar Nikolic was credited for identifying the initial vulnerability.
The fixes were merged into Bitcoin Core in 2015, with the final vulnerable version reaching End of Life in 2017.
Public disclosure of the issue was made on July 3, 2024.
The recent high severity vulnerability in Bitcoin Core was fixed by Pieter Wuille in versions 0.20.1 and 0.21.0.
Summary based on 9 sources
Sources
Bitcoin Core • Jul 3, 2024
Disclosure of CPU DoS due to malicious P2P message (≤ version 0.19.2)
Bitcoin Core • Jul 3, 2024
Disclosure of memory DoS using low-difficulty headers (≤ version 0.14.3)
Bitcoin Core • Jul 3, 2024
Disclosure of memory DoS due to malicious P2P message (≤ version 0.19.2)
Bitcoin Core • Jul 3, 2024
Disclosure of CPU DoS / stalling due to malicious P2P message (≤ version 0.17.2)