CVE-2018-1000851

Name: CVE-2018-1000851
Creator: NVD / NIST
Published: 2018-12-20T15:29:02.5+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.24%

Last modified Jun 17, 2026

CVE-2018-1000851 is a vulnerability of currently unknown severity. Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. EPSS estimates a 2.24% chance of exploitation in the next 30 days.

Description

Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. . This attack appear to be exploitable via Affected version run the malicious code at startup . This vulnerability appears to have been fixed in 5.2.0 and later .

Metrics

EPSS Probability

2.24%

80.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-522

Affected Software

Vendor	Product	Versions
Copay	Copay Bitcoin Wallet	>= 5.0.1, <= 5.1.0

References

https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/Third Party Advisory
https://blog.bitpay.com/npm-package-vulnerability-copay/Third Party Advisory
https://github.com/bitpay/copay/issues/9346Exploit, Issue Tracking, Patch, Third Party Advisory
https://github.com/dominictarr/event-stream/issues/116Exploit, Issue Tracking, Patch, Third Party Advisory
https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/Third Party Advisory
https://blog.bitpay.com/npm-package-vulnerability-copay/Third Party Advisory
https://github.com/bitpay/copay/issues/9346Exploit, Issue Tracking, Patch, Third Party Advisory
https://github.com/dominictarr/event-stream/issues/116Exploit, Issue Tracking, Patch, Third Party Advisory

Timeline

Published: Dec 20, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-1000851?

How severe is CVE-2018-1000851?

Severity scoring for CVE-2018-1000851 is pending analysis. The EPSS model estimates a 2.24% probability of exploitation in the next 30 days.

How do I fix CVE-2018-1000851?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-1000851?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST