Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for bitcoin by bitcoin

    CVE-2021-31876 (GCVE-0-2021-31876)

    Vulnerability from nvd – Published: 2021-05-13 21:03 – Updated: 2024-08-03 23:10
    VLAI
    Summary
    Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff, spending an unconfirmed parent with nSequence <= 0xff_ff_ff_fd, should be replaceable because there is inherited signaling by the child transaction. However, the actual PreChecks implementation does not enforce this. Instead, mempool rejects the replacement attempt of the unconfirmed child transaction.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:10:31.041Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bitcoinops.org/en/topics/replace-by-fee/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/bitcoin/bitcoin"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bitcoinops.org/en/newsletters/2021/05/12/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff, spending an unconfirmed parent with nSequence \u003c= 0xff_ff_ff_fd, should be replaceable because there is inherited signaling by the child transaction. However, the actual PreChecks implementation does not enforce this. Instead, mempool rejects the replacement attempt of the unconfirmed child transaction."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-13T21:03:38.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bitcoinops.org/en/topics/replace-by-fee/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/bitcoin/bitcoin"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bitcoinops.org/en/newsletters/2021/05/12/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-31876",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff, spending an unconfirmed parent with nSequence \u003c= 0xff_ff_ff_fd, should be replaceable because there is inherited signaling by the child transaction. However, the actual PreChecks implementation does not enforce this. Instead, mempool rejects the replacement attempt of the unconfirmed child transaction."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876",
                  "refsource": "MISC",
                  "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876"
                },
                {
                  "name": "https://bitcoinops.org/en/topics/replace-by-fee/",
                  "refsource": "MISC",
                  "url": "https://bitcoinops.org/en/topics/replace-by-fee/"
                },
                {
                  "name": "https://github.com/bitcoin/bitcoin",
                  "refsource": "MISC",
                  "url": "https://github.com/bitcoin/bitcoin"
                },
                {
                  "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html",
                  "refsource": "MISC",
                  "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html"
                },
                {
                  "name": "https://bitcoinops.org/en/newsletters/2021/05/12/",
                  "refsource": "MISC",
                  "url": "https://bitcoinops.org/en/newsletters/2021/05/12/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-31876",
        "datePublished": "2021-05-13T21:03:38.000Z",
        "dateReserved": "2021-04-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:10:31.041Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3401 (GCVE-0-2021-3401)

    Vulnerability from nvd – Published: 2021-02-04 04:47 – Updated: 2024-08-03 16:53
    VLAI
    Summary
    Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states "I believe that this vulnerability cannot actually be exploited."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:53:17.623Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://achow101.com/2021/02/0.18-uri-vuln"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/bitcoin/bitcoin/pull/16578"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states \"I believe that this vulnerability cannot actually be exploited.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-04T04:47:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://achow101.com/2021/02/0.18-uri-vuln"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/bitcoin/bitcoin/pull/16578"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-3401",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states \"I believe that this vulnerability cannot actually be exploited.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://achow101.com/2021/02/0.18-uri-vuln",
                  "refsource": "MISC",
                  "url": "https://achow101.com/2021/02/0.18-uri-vuln"
                },
                {
                  "name": "https://github.com/bitcoin/bitcoin/pull/16578",
                  "refsource": "MISC",
                  "url": "https://github.com/bitcoin/bitcoin/pull/16578"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-3401",
        "datePublished": "2021-02-04T04:47:30.000Z",
        "dateReserved": "2021-02-04T00:00:00.000Z",
        "dateUpdated": "2024-08-03T16:53:17.623Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9230 (GCVE-0-2017-9230)

    Vulnerability from nvd – Published: 2017-05-24 16:00 – Updated: 2024-08-05 17:02 Disputed
    VLAI
    Summary
    The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
    Assigner
    Impacted products
    Vendor Product Version
    bitcoin bitcoin Affected: -
        cpe:2.3:a:bitcoin:bitcoin:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2017-05-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:bitcoin:bitcoin:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitcoin",
                "vendor": "bitcoin",
                "versions": [
                  {
                    "status": "affected",
                    "version": "-"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-9230",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-23T15:55:28.785269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-338",
                    "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:11:52.036Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:43.380Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html"
              },
              {
                "name": "98657",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98657"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-13T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html"
            },
            {
              "name": "98657",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98657"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-9230",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf",
                  "refsource": "MISC",
                  "url": "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf"
                },
                {
                  "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html",
                  "refsource": "MISC",
                  "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html"
                },
                {
                  "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html",
                  "refsource": "MISC",
                  "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html"
                },
                {
                  "name": "98657",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98657"
                },
                {
                  "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html",
                  "refsource": "MISC",
                  "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html"
                },
                {
                  "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html",
                  "refsource": "MISC",
                  "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html"
                },
                {
                  "name": "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf",
                  "refsource": "MISC",
                  "url": "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-9230",
        "datePublished": "2017-05-24T16:00:00.000Z",
        "dateReserved": "2017-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:02:43.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31876 (GCVE-0-2021-31876)

    Vulnerability from cvelistv5 – Published: 2021-05-13 21:03 – Updated: 2024-08-03 23:10
    VLAI
    Summary
    Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff, spending an unconfirmed parent with nSequence <= 0xff_ff_ff_fd, should be replaceable because there is inherited signaling by the child transaction. However, the actual PreChecks implementation does not enforce this. Instead, mempool rejects the replacement attempt of the unconfirmed child transaction.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:10:31.041Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bitcoinops.org/en/topics/replace-by-fee/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/bitcoin/bitcoin"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bitcoinops.org/en/newsletters/2021/05/12/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff, spending an unconfirmed parent with nSequence \u003c= 0xff_ff_ff_fd, should be replaceable because there is inherited signaling by the child transaction. However, the actual PreChecks implementation does not enforce this. Instead, mempool rejects the replacement attempt of the unconfirmed child transaction."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-13T21:03:38.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bitcoinops.org/en/topics/replace-by-fee/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/bitcoin/bitcoin"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bitcoinops.org/en/newsletters/2021/05/12/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-31876",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff, spending an unconfirmed parent with nSequence \u003c= 0xff_ff_ff_fd, should be replaceable because there is inherited signaling by the child transaction. However, the actual PreChecks implementation does not enforce this. Instead, mempool rejects the replacement attempt of the unconfirmed child transaction."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876",
                  "refsource": "MISC",
                  "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876"
                },
                {
                  "name": "https://bitcoinops.org/en/topics/replace-by-fee/",
                  "refsource": "MISC",
                  "url": "https://bitcoinops.org/en/topics/replace-by-fee/"
                },
                {
                  "name": "https://github.com/bitcoin/bitcoin",
                  "refsource": "MISC",
                  "url": "https://github.com/bitcoin/bitcoin"
                },
                {
                  "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html",
                  "refsource": "MISC",
                  "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html"
                },
                {
                  "name": "https://bitcoinops.org/en/newsletters/2021/05/12/",
                  "refsource": "MISC",
                  "url": "https://bitcoinops.org/en/newsletters/2021/05/12/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-31876",
        "datePublished": "2021-05-13T21:03:38.000Z",
        "dateReserved": "2021-04-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:10:31.041Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3401 (GCVE-0-2021-3401)

    Vulnerability from cvelistv5 – Published: 2021-02-04 04:47 – Updated: 2024-08-03 16:53
    VLAI
    Summary
    Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states "I believe that this vulnerability cannot actually be exploited."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:53:17.623Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://achow101.com/2021/02/0.18-uri-vuln"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/bitcoin/bitcoin/pull/16578"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states \"I believe that this vulnerability cannot actually be exploited.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-04T04:47:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://achow101.com/2021/02/0.18-uri-vuln"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/bitcoin/bitcoin/pull/16578"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-3401",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states \"I believe that this vulnerability cannot actually be exploited.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://achow101.com/2021/02/0.18-uri-vuln",
                  "refsource": "MISC",
                  "url": "https://achow101.com/2021/02/0.18-uri-vuln"
                },
                {
                  "name": "https://github.com/bitcoin/bitcoin/pull/16578",
                  "refsource": "MISC",
                  "url": "https://github.com/bitcoin/bitcoin/pull/16578"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-3401",
        "datePublished": "2021-02-04T04:47:30.000Z",
        "dateReserved": "2021-02-04T00:00:00.000Z",
        "dateUpdated": "2024-08-03T16:53:17.623Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9230 (GCVE-0-2017-9230)

    Vulnerability from cvelistv5 – Published: 2017-05-24 16:00 – Updated: 2024-08-05 17:02 Disputed
    VLAI
    Summary
    The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
    Assigner
    Impacted products
    Vendor Product Version
    bitcoin bitcoin Affected: -
        cpe:2.3:a:bitcoin:bitcoin:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2017-05-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:bitcoin:bitcoin:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitcoin",
                "vendor": "bitcoin",
                "versions": [
                  {
                    "status": "affected",
                    "version": "-"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-9230",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-23T15:55:28.785269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-338",
                    "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:11:52.036Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:43.380Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html"
              },
              {
                "name": "98657",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98657"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-13T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html"
            },
            {
              "name": "98657",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98657"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-9230",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf",
                  "refsource": "MISC",
                  "url": "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf"
                },
                {
                  "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html",
                  "refsource": "MISC",
                  "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html"
                },
                {
                  "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html",
                  "refsource": "MISC",
                  "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html"
                },
                {
                  "name": "98657",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98657"
                },
                {
                  "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html",
                  "refsource": "MISC",
                  "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html"
                },
                {
                  "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html",
                  "refsource": "MISC",
                  "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html"
                },
                {
                  "name": "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf",
                  "refsource": "MISC",
                  "url": "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-9230",
        "datePublished": "2017-05-24T16:00:00.000Z",
        "dateReserved": "2017-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:02:43.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }