exploitDog

CVE-2015-6964

Опубликовано: 25 сент. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC).

Ссылки

https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html
Exploit
Third Party Advisory
https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:multibit:multibit_hd:*:*:*:*:*:*:*:*

Версия до 0.1.2 (исключая)

EPSS

Процентиль: 21%

0.00069

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-697

CWE-697

Связанные уязвимости

GHSA-fvh2-7539-6h22

CVSS3: 5.3

github

больше 2 лет назад

MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC).

EPSS

Процентиль: 21%

0.00069

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-697

CWE-697