CVE-2018-20587

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-20587

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20587.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-20587

Published

2019-02-11T12:29:00Z

Modified

2025-02-19T00:18:39Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.

References

https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587

Affected packages

Git / github.com/bitcoin/bitcoin

Affected ranges

Type: GIT
Repo: https://github.com/bitcoin/bitcoin
Events: Introduced

188ca9c305d3dd0fb462b9d6a44048b1d99a05f3

Last affected

ef70f9b52b851c7997a9f1a0834714e3eebc1fd8