Bug fixed since May 2023, but Bitcoin Core does not update automatically
Bitcoin developers disclosed details of another high-severity software bug on Monday, revealing that over 13% of the home and business computers around the world that enforce Bitcoin’s rules are vulnerable to a remote shutdown.
The bug, named CVE-2024-35202, affects Bitcoin nodes running Core software prior to version 25.0. Nodes that have not updated to at least 25.0 allow an attacker to remotely exploit an assertion in the software logic that handles block transaction (‘blocktxn’) messages.
Specifically, the vulnerability stems from Core’s compact block protocol, which uses shortened transaction identifiers to reduce internet bandwidth use. An attacker can trigger a collision in these identifiers, causing the node to request a full block.
Although requesting a full, unabridged block is a safety precaution, software versions prior to 25.0 have a flaw in the logic that handles subsequent blocktxn messages. In short, the node can be forced into an invalid state through manipulating logic gates, causing it to crash entirely.
The vulnerability was discovered and disclosed by Niklas Gögge, who also provided the patch implemented in Bitcoin Core v25.0. He patched this bug in Bitcoin Core pull request number 26898 and other developers had merged it into production by May 26, 2023.
According to the self-declared values reported by internet-accessible nodes that BitNodes.io tracks, 13.7% of the 18,843 nodes operating the Bitcoin network are vulnerable to the attack. Developers encourage all node operators to update their software to patch this vulnerability. The latest version of Bitcoin Core software is 28.0.
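An added example, not from the article or from Bitcoin Core: a small audit that sorts nodes by the user agent they self-declare and flags plain Core builds older than 25.0, the fix release named above. The hostnames and agent strings are constructed, the `/Satoshi:x.y.z/` form follows BIP 14, and treating forked or non-Core agents as `unknown` is an assumption, since the article covers Core only.

```python
import re

FIXED = (25, 0)  # first Bitcoin Core release with the fix, per the article

# One BIP 14 component: Name:version with an optional (comment).
_COMPONENT = re.compile(r"([^/:()]+):([^/()]+)(?:\([^)]*\))?")
_MAJOR_MINOR = re.compile(r"(\d+)\.(\d+)")


def parse_user_agent(ua):
    """Return [(name, version), ...], or [] if the string is malformed."""
    if len(ua) < 3 or not (ua.startswith("/") and ua.endswith("/")):
        return []
    parts = []
    for chunk in ua[1:-1].split("/"):
        m = _COMPONENT.fullmatch(chunk)
        if m is None:
            return []
        parts.append((m.group(1), m.group(2)))
    return parts


def classify(ua):
    """'vulnerable', 'patched', or 'unknown' for one self-declared agent."""
    parts = parse_user_agent(ua)
    # Assumption: only a lone Satoshi component is treated as Bitcoin Core.
    if len(parts) != 1 or parts[0][0] != "Satoshi":
        return "unknown"
    m = _MAJOR_MINOR.match(parts[0][1])
    if m is None:
        return "unknown"
    version = (int(m.group(1)), int(m.group(2)))
    return "vulnerable" if version < FIXED else "patched"


def audit(inventory):
    """Group hostnames by status; each list is sorted."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host in sorted(inventory):
        report[classify(inventory[host])].append(host)
    return report


# Constructed sample inventory (hostnames and agents are illustrative).
SAMPLE = {
    "node-a.example": "/Satoshi:24.0.1/",
    "node-b.example": "/Satoshi:25.0.0/",
    "node-c.example": "/Satoshi:0.21.1(ops-east)/",
    "node-d.example": "/Satoshi:28.0.0/",
    "node-e.example": "/btcd:0.24.0/",
    "node-f.example": "/Satoshi:26.0.0/ExampleFork:1.0/",
    "node-g.example": "Satoshi 24",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts)}")
```

Because the user agent is self-declared, confirm each flagged host locally, for example from the `subversion` field of `bitcoin-cli getnetworkinfo`.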
Bitcoin Core developers have been disclosing details of high-severity bugs in older software versions as of late. Because Core software does not automatically update by default, those operating Bitcoin nodes must manually choose to download, verify, and update their software.
This vulnerability has little financial benefit to an average attacker, as it requires sophisticated manipulation of the compact block protocol and does not allow for double-spending of bitcoin without coordinating a variety of other financial and social engineering schemes.
However, the vulnerability could be exploited by a corporate or governmental actor who wants to disrupt the operations of Bitcoin for financially-deferred reasons, such as promoting an altcoin or another cryptocurrency project.