Описание
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."
Ссылки
- Third Party Advisory
- Issue Tracking
- Product
- Release Notes
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Issue Tracking
- Product
- Release Notes
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.9 (включая) до 26.0 (включая)Версия от 0.9 (включая) до 25.1 (исключая)
Одно из
cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*
cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*
EPSS
Процентиль: 9%
0.00032
Низкий
5.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.3
debian
около 2 лет назад
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots202311 ...
CVSS3: 5.3
github
около 2 лет назад
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023.
EPSS
Процентиль: 9%
0.00032
Низкий
5.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo