Bitcoin Core Developers Disclose 10 Vulnerabilities Affecting Older Software Versions
Jul 12, 2024 at 10:50 pm
The vulnerabilities, fixed in more recent releases, could have allowed various attacks on nodes running outdated Bitcoin Core versions.
Bitcoin Optech has disclosed a total of 10 vulnerabilities that have affected older versions of Bitcoin Core software, according to a report by CryptoSlate. These vulnerabilities, which have been fixed in more recent releases, could have enabled various attacks on nodes running outdated Bitcoin Core versions.
The disclosure of these vulnerabilities is significant considering that Bitcoin Core developers have recently introduced a new security disclosure policy with the aim of improving transparency and communication regarding vulnerabilities.
In the past, the project has faced criticism for not adequately disclosing security-critical bugs to the public, leading to a perception that Bitcoin Core is largely bug-free.
Libbitcoin developer Eric Voskuil, in a message to the Bitcoin mailing list, highlighted that this perception is misleading and could be dangerous, as it downplays the risks involved in running outdated software versions.
Active Bitcoin node vulnerabilities
CryptoSlate has analyzed active Bitcoin nodes to assess how many are currently vulnerable to each attack vector. Out of 14,001 nodes, roughly 787 (5.94%) are running versions older than 0.21.0.
While the network remains secure and largely protected against any meaningful attacks, this figure is significant enough to be considered a problem that the Bitcoin community may need to address.
Efforts can be made to encourage these node operators to upgrade to newer versions in order to enhance the Bitcoin network’s overall security, efficiency, and future readiness.
Although not an immediate critical issue, it is certainly a concern that warrants attention. It’s not an existential threat to Bitcoin, as the majority of the network still runs up-to-date software. However, it does represent a non-trivial portion of the network that could cause issues or be exploited under certain circumstances.
This highlights a need for better communication and incentives within the Bitcoin community to encourage more frequent updates.
Risks for active Bitcoin nodes
According to the disclosure, the most widespread vulnerability affected versions prior to 0.21.0, potentially impacting 787 nodes. This flaw could enable censorship of unconfirmed transactions and cause netsplits due to excessive time adjustments.
Three separate vulnerabilities affected versions before 0.20.0, each potentially impacting 182 nodes. These included a memory DoS from large inv-messages, a CPU-wasting DoS from malformed requests, and a memory-related crash when parsing BIP72 URIs.
An unbounded ban list CPU/memory DoS vulnerability (CVE-2020-14198) affected versions prior to 0.20.1, putting 185 nodes at risk. Earlier versions were susceptible to other attacks, such as a CPU DoS and node stalling from orphan handling (before 0.18.0, affecting 70 nodes) and a memory DoS using low-difficulty headers (before 0.15.0, impacting 29 nodes).
The oldest vulnerabilities disclosed included a remote code execution bug in miniupnpc (CVE-2015-6031) affecting versions before 0.11.1 and a node crash DoS from large messages (CVE-2015-3641) in versions prior to 0.10.1. These affected 22 and 5 nodes, respectively, indicating that very few are still running such outdated software.
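As an added illustration (not code from the article or from the Bitcoin Core project), the version-threshold logic behind the per-version node counts above: a small Python checker that normalises Bitcoin Core version strings across the 0.21.x to 22.0 numbering change and lists which of the itemised issues a given node version still carries. The "/Satoshi:x.y.z/" user-agent form and the sample node list are assumptions, not taken from the article.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Fixed-in thresholds for the nine issues the article itemizes (CVE ids only where the article gives one).
DISCLOSED: List[Tuple[str, str, str]] = [
    ("0.21.0", "unconfirmed-tx censorship / netsplit via time adjustment", ""),
    ("0.20.1", "unbounded ban list CPU/memory DoS", "CVE-2020-14198"),
    ("0.20.0", "memory DoS from large inv messages", ""),
    ("0.20.0", "CPU-wasting DoS from malformed requests", ""),
    ("0.20.0", "memory crash when parsing BIP72 URIs", ""),
    ("0.18.0", "CPU DoS / node stalling from orphan handling", ""),
    ("0.15.0", "memory DoS using low-difficulty headers", ""),
    ("0.11.1", "remote code execution in miniupnpc", "CVE-2015-6031"),
    ("0.10.1", "node crash DoS from large messages", "CVE-2015-3641"),
]

def parse_version(text: str) -> Tuple[int, int, int]:
    """Normalise a Bitcoin Core version so 0.x.y (pre-22.0) and x.y (22.0+) compare correctly.
    The leading '0.' of the old scheme is dropped: 0.21.0 -> (21, 0, 0), 22.0 -> (22, 0, 0)."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    if parts[0] == 0:
        parts = parts[1:]
    parts = (parts + [0, 0, 0])[:3]
    return parts[0], parts[1], parts[2]

def affected_issues(version_text: str) -> List[Tuple[str, str, str]]:
    """Issues whose fixed-in version is newer than the node's version, i.e. the node still carries them."""
    v = parse_version(version_text)
    return [issue for issue in DISCLOSED if v < parse_version(issue[0])]

def tally(user_agents: List[str]) -> Dict[str, int]:
    """Count nodes per issue (keyed by description); the article's per-issue node counts are this kind of tally."""
    counts: Counter = Counter()
    for ua in user_agents:
        for _, desc, _ in affected_issues(ua):
            counts[desc] += 1
    return dict(counts)

# Constructed sample of user-agent strings; the '/Satoshi:x.y.z/' form is an assumption, not from the article.
SAMPLE_NODES = ["/Satoshi:27.0.0/", "/Satoshi:22.0/", "/Satoshi:0.21.1/",
                "/Satoshi:0.20.0/", "/Satoshi:0.19.1/", "/Satoshi:0.10.0/"]

if __name__ == "__main__":
    for ua in SAMPLE_NODES:
        print(ua, "->", len(affected_issues(ua)), "disclosed issue(s) still present")
    print(tally(SAMPLE_NODES))
```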
New Bitcoin developer disclosure policy
The new policy categorizes vulnerabilities into four severity levels: low, medium, high, and critical. Low-severity bugs, which are difficult to exploit or have minimal impact, will be disclosed two weeks after a fixed version is released, with a pre-announcement made simultaneously.
Medium and high-severity bugs, which have more significant impacts, will be disclosed two weeks after the last affected release reaches its end-of-life (EOL), typically one year after the fixed version is first released. A pre-announcement will be made two weeks before disclosure. Critical bugs threatening the network’s integrity will require an ad-hoc disclosure procedure.
The policy will be implemented gradually. All vulnerabilities fixed in Bitcoin Core versions 0.21.0 and earlier will be disclosed immediately. In July, vulnerabilities fixed in version 22.0 will be disclosed, followed by those fixed in version 23.0 in August. This process will continue until all EOL versions have been addressed.
This initiative aims to set clear expectations for security researchers, incentivizing them to find and responsibly disclose vulnerabilities. By making security bugs available to a broader group of contributors, the policy seeks to prevent future issues and enhance the overall security of the Bitcoin network.
According to the Bitcoin Development Mailing List, the policy’s gradual adoption will allow the community to adjust and provide feedback on its impact.
Node operators still using affected versions are strongly advised to upgrade to the latest release to mitigate these potential risks.