CVE-2016-10724

EPSS 0.73%
Veröffentlicht 05.07.2018 22:29:00
Zuletzt bearbeitet 21.11.2024 02:44:35
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bitcoin ≫ Bitcoin Core Version < 0.13.0

Bitcoin ≫ Bitcoin-qt Version < 0.13.0

Bitcoin ≫ Bitcoind Version < 0.13.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.73%	0.717

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

Vendor Advisory

https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure

https://github.com/JinBean/CVE-Extension

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-10724

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-10724

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-10724

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-10724