Vulnerabilities > CVE-2012-4684 - Resource Management Errors vulnerability in Bitcoin products

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

bitcoin

CWE-399

NVD

Published: 2013-03-12

Updated: 2020-03-18

Summary

The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service (resource consumption) via a valid modified signature for a circulating alert.

Vulnerable Configurations

Part	Description	Count
Application	Bitcoin Bitcoin Bitcoin QT 0.6.3 Bitcoin Bitcoin Core 0.3.4 Bitcoin Bitcoin Core 0.3.5 Bitcoin Bitcoin Core 0.3.8 Bitcoin Bitcoin Core 0.3.10 Bitcoin Bitcoin Core 0.3.11 Bitcoin Bitcoin Core 0.3.12 Bitcoin Bitcoin Core 0.4.0 Bitcoin Bitcoin Core 0.4.1 Bitcoin Bitcoin Core 0.4.2 Bitcoin Bitcoin Core 0.4.3 Bitcoin Bitcoin Core 0.4.4 Bitcoin Bitcoin Core 0.4.5 Bitcoin Bitcoin Core 0.4.6 Bitcoin Bitcoin Core 0.4.7 Bitcoin Bitcoin Core 0.5.0 Bitcoin Bitcoin Core 0.5.3 Bitcoin Bitcoin Core 0.5.3.1 Bitcoin Bitcoin Core 0.5.4 Bitcoin Bitcoin Core 0.5.5 Bitcoin Bitcoin Core 0.5.6 Bitcoin Bitcoin Core 0.6.0.1 Bitcoin Bitcoin Core 0.6.0.2 Bitcoin Bitcoin Core 0.6.0.3 Bitcoin Bitcoin Core 0.6.0.4 Bitcoin Bitcoin Core 0.6.0.5 Bitcoin Bitcoin Core 0.6.0.6 Bitcoin Bitcoin Core 0.6.0.7 Bitcoin Bitcoin Core 0.6.0.8 Bitcoin Bitcoin Core 0.6.1 Bitcoin Bitcoin Core 0.6.2 Bitcoin Bitcoind 0.6.3 Bitcoin Wxbitcoin 0.3.4 Bitcoin Wxbitcoin 0.3.5 Bitcoin Wxbitcoin 0.3.8 Bitcoin Wxbitcoin 0.3.10 Bitcoin Wxbitcoin 0.3.11 Bitcoin Wxbitcoin 0.4.0 Bitcoin Wxbitcoin 0.4.1 Bitcoin Wxbitcoin 0.5.0	43

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References