CVE-2018-17144

Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | HIGH |

Summary
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 10 |
Application | | 36 |
Nessus
NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2019-731.NASL |
description | This update for bitcoin to version 0.16.3 fixes the following issues : - CVE-2018-17144: Prevent remote denial of service (application crash) exploitable by miners via duplicate input (bsc#1108992). For additional changes please check the changelog. |
last seen | 2020-05-31 |
modified | 2019-03-27 |
plugin id | 123316 |
published | 2019-03-27 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/123316 |
title | openSUSE Security Update : bitcoin (openSUSE-2019-731) |

code

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-731.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(123316);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26");

  script_cve_id("CVE-2018-17144");

  script_name(english:"openSUSE Security Update : bitcoin (openSUSE-2019-731)");
  script_summary(english:"Check for the openSUSE-2019-731 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for bitcoin to version 0.16.3 fixes the following issues : - CVE-2018-17144: Prevent remote denial of service (application crash) exploitable by miners via duplicate input (bsc#1108992). For additional changes please check the changelog."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108992"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected bitcoin packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bitcoin-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bitcoin-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bitcoin-qt5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bitcoin-qt5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bitcoin-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bitcoin-test-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bitcoin-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bitcoin-utils-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bitcoind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bitcoind-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libbitcoinconsensus-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libbitcoinconsensus0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libbitcoinconsensus0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"bitcoin-debuginfo-0.16.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"bitcoin-debugsource-0.16.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"bitcoin-qt5-0.16.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"bitcoin-qt5-debuginfo-0.16.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"bitcoin-test-0.16.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"bitcoin-test-debuginfo-0.16.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"bitcoin-utils-0.16.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"bitcoin-utils-debuginfo-0.16.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"bitcoind-0.16.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"bitcoind-debuginfo-0.16.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libbitcoinconsensus-devel-0.16.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libbitcoinconsensus0-0.16.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libbitcoinconsensus0-debuginfo-0.16.3-lp150.2.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bitcoin-debuginfo / bitcoin-debugsource / bitcoin-qt5 / etc");
}
```

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2018-1098.NASL |
description | This update for bitcoin to version 0.16.3 fixes the following issues : - CVE-2018-17144: Prevent remote denial of service (application crash) exploitable by miners via duplicate input (bsc#1108992). For additional changes please check the changelog. |
last seen | 2020-06-05 |
modified | 2018-10-05 |
plugin id | 117929 |
published | 2018-10-05 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/117929 |
title | openSUSE Security Update : bitcoin (openSUSE-2018-1098) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_40A844BFC43011E896DC000743165DB0.NASL |
description | Bitcoin Core reports : CVE-2018-17144, a fix for which was released on September 18th in Bitcoin Core versions 0.16.3 and 0.17.0rc4, includes both a Denial of Service component and a critical inflation vulnerability. It was originally reported to several developers working on Bitcoin Core, as well as projects supporting other cryptocurrencies, including ABC and Unlimited on September 17th as a Denial of Service bug only, however we quickly determined that the issue was also an inflation vulnerability with the same root cause and fix. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 117845 |
published | 2018-10-01 |
reporter | This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/117845 |
title | FreeBSD : bitcoin -- Denial of Service and Possible Mining Inflation (40a844bf-c430-11e8-96dc-000743165db0) |

The Hacker News
id | THN:34A6F7CE85B5AB39EBC345A893D45BC8 |
last seen | 2018-09-25 |
modified | 2018-09-25 |
published | 2018-09-25 |
reporter | The Hacker News |
source | https://thehackernews.com/2018/09/bitcoin-core-software.html |
title | Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability |
References
- https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md
- https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md
- https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144
- https://bitcoincore.org/en/2018/09/18/release-0.16.3/
- https://github.com/JinBean/CVE-Extension