
‘High’ Severity Bug in Bitcoin Software Revealed 2 Years After Fix

by admin
September 9, 2020
in Blockchain


A previously undisclosed vulnerability in the Bitcoin Core software could have allowed attackers to steal funds, delay settlements or split the largest blockchain network into conflicting versions had it not been quietly patched two years ago.

That’s according to a paper published Wednesday by Braydon Fuller, lead developer at decentralized cloud storage protocol Storj, who caught the vulnerability in June 2018, and Javed Khan, a core developer of the Handshake protocol.

The vulnerability was given a severity level of 7.8 on a scale of 1 to 10, which is deemed “high” (9 or above is considered “critical”). It was caused by “remote nodes” failing to clear invalid transactions from their memory, Khan told CoinDesk. 

The inability to clear those transactions could lead to an aggressor flooding a victim node with stale data in what is referred to as “uncontrolled resource consumption,” eventually causing the node to shut down, the paper states.


“There was no mechanism to make sure that the pending details of a transaction are valid or not. In certain cases you could fill up the remote databases with invalid transactions,” Khan said.

No attempt to take advantage of the hole was found in the wild, Khan and Fuller wrote. The vulnerability could not be disclosed publicly for over two years as node operators took longer than expected to update, Fuller said.

While the vulnerability was fixed, its disclosure highlights the difficulties of building a global money standard on programming languages created by humans, not to mention the high technical barriers to engaging in development of the top cryptocurrency.

The vulnerability was introduced to Bitcoin Core in November 2017. Some 50% of Bitcoin nodes at the time were exposed to the attack vector, according to the paper. Earlier versions of Bitcoin Core were not affected.

Bitcoin Core and more

Khan further said that the vulnerability could have enabled an attacker to steal funds from nodes that had open channels on the Lightning Network, an experimental payment system built on top of the Bitcoin blockchain.

Bitcoin Core versions 0.16.0 and 0.16.1 were affected and patched by developer Matt Corallo following a disclosure by Fuller to the core team in July 2018. Corallo did not answer questions seeking comment by press time.

Fuller’s discovery was followed by another Bitcoin bug addressed two months later in Bitcoin Core 0.16.3. Also a vector for a denial-of-service attack, one aspect of that bug allowed miners to “inflate the supply of Bitcoin” as they could double-spend certain values, the Bitcoin Core team wrote at the time.

The emergency patch issued in that Bitcoin Core version addressed Fuller’s bug as well, Khan and Fuller wrote.

A spot was reserved for the resource consumption vulnerability on the National Institute of Standards and Technology (NIST)’s Common Vulnerabilities and Exposures (CVE) registry as CVE-2018-17145 in 2018, but it has yet to be filled out. The registry acts as a public glossary for software bugs of note.

Bitcoin Core is the reference implementation, or standard version of the network software from which others are derived. According to the paper, the exploit was also possible on several other implementations of Bitcoin and its offshoots:

  • Bitcoin Knots v0.16.0
  • All beta versions of Bcoin up to v1.0.0-pre
  • All versions of Btcd up to v0.20.1-beta
  • Litecoin Core v0.16.0
  • Namecoin Core v0.16.1
  • All versions of Dcrd up to v1.5.1. 

All of these implementations have been patched.

Disclosure

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.


