CVE-2021-3401

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-3401
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3401.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3401
Published
2021-02-04T05:15:13.037Z
Modified
2026-04-10T04:34:21.557938Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states "I believe that this vulnerability cannot actually be exploited."

References

Affected packages

Git / github.com/bitcoin/bitcoin

Affected ranges

Type
GIT
Repo
https://github.com/bitcoin/bitcoin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
42414bfd054793ca7bcf5ba329c48649e5d7933c
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.19.0"
        }
    ]
}

Affected versions

Other
noversion
v0.*
v0.19.0rc1
v0.19.0rc2
v0.19.0rc3
v0.3.1
v0.3.11_notexact
v0.3.1rc1
v0.3.2
v0.3.20
v0.3.20.01_closest
v0.3.20.2_closest
v0.3.21
v0.3.21rc
v0.3.22
v0.3.22rc1
v0.3.22rc2
v0.3.22rc3
v0.3.22rc4
v0.3.23
v0.3.23rc1
v0.3.24
v0.3.24rc1
v0.3.24rc2
v0.3.24rc3
v0.3.3
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.4.00rc1
v0.4.00rc2
v0.5.0
v0.5.0rc1
v0.5.0rc2
v0.5.0rc4
v0.5.0rc5
v0.5.0rc6
v0.5.0rc7
v0.5.1
v0.5.1rc1
v0.5.1rc2
v0.6.0
v0.6.0rc1
v0.6.0rc2
v0.6.0rc3
v0.6.0rc4
v0.6.0rc5
v0.6.0rc6
v0.6.1
v0.6.1rc1
v0.6.1rc2
v0.7.0
v0.7.0rc1
v0.7.0rc2
v0.7.0rc3
v0.7.1
v0.7.1rc1
v0.8.0
v0.8.0rc1
v0.8.2
v0.8.2rc1
v0.8.2rc2
v0.8.2rc3
v0.9.0rc1
v0.9.0rc2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3401.json"