CVE-2018-1000851

Опубликовано: 20 дек. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. . This attack appear to be exploitable via Affected version run the malicious code at startup . This vulnerability appears to have been fixed in 5.2.0 and later .

Ссылки

https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/
Third Party Advisory
https://blog.bitpay.com/npm-package-vulnerability-copay/
Third Party Advisory
https://github.com/bitpay/copay/issues/9346
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/dominictarr/event-stream/issues/116
Exploit
Issue Tracking
Patch
Third Party Advisory
https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/
Third Party Advisory
https://blog.bitpay.com/npm-package-vulnerability-copay/
Third Party Advisory
https://github.com/bitpay/copay/issues/9346
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/dominictarr/event-stream/issues/116
Exploit
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:copay:copay_bitcoin_wallet:*:*:*:*:*:*:*:*

Версия от 5.0.1 (включая) до 5.1.0 (включая)

EPSS

Процентиль: 68%

0.00572

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-xq8h-vhf6-2hhq