CVE-2017-12842

Опубликовано: 16 мар. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount.

Ссылки

https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/
Third Party Advisory
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
Vendor Advisory
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html
Third Party Advisory
https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/
Third Party Advisory
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
Vendor Advisory
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*

Версия до 0.14.0 (исключая)

EPSS

Процентиль: 81%

0.01482

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2017-12842

CVSS3: 7.5

debian

почти 6 лет назад

Bitcoin Core before 0.14 allows an attacker to create an ostensibly va ...

GHSA-v55p-4chq-6grj

github

больше 3 лет назад