CVE-2016-10724

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-10724

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10724.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-10724

Published

2018-07-05T22:29:00Z

Modified

2025-02-19T01:19:56Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.

References

Affected packages

Git / github.com/bitcoin/bitcoin

Affected ranges

Type: GIT
Repo: https://github.com/bitcoin/bitcoin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a402396dce64c42ea73535b7dde4a9164d430438