CVE-2016-10724
Last modified
CVE-2016-10724 is a vulnerability of currently unknown severity. Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.. EPSS estimates a 2.28% chance of exploitation in the next 30 days.
Description
Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Bitcoin | Bitcoin Core | < 0.13.0 |
| Bitcoin | Bitcoin-Qt | < 0.13.0 |
| Bitcoin | Bitcoind | < 0.13.0 |
References
- https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.htmlThird Party Advisory
- https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-10724?
How severe is CVE-2016-10724?
How do I fix CVE-2016-10724?
Are you affected by CVE-2016-10724?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST