These vulnerabilities, which have been fixed in recent versions, could allow various attacks on nodes running outdated Bitcoin Core versions.
Bitcoin Optech has disclosed a total of 10 vulnerabilities that have affected older versions of Bitcoin Core software, according to a report by CryptoSlate. These vulnerabilities, which have been fixed in more recent releases, could have enabled various attacks on nodes running outdated Bitcoin Core versions.
The disclosure of these vulnerabilities is significant considering that Bitcoin Core developers have recently introduced a new security disclosure policy with the aim of improving transparency and communication regarding vulnerabilities.
In the past, the project has faced criticism for not adequately disclosing security-critical bugs to the public, leading to a perception that Bitcoin Core is largely bug-free.
Libbitcoin developer Eric Voskuil, in a message to the Bitcoin mailing list, highlighted that this perception is misleading and could be dangerous, as it downplays the risks involved in running outdated software versions.
Active Bitcoin node vulnerabilities
CryptoSlate has analyzed active Bitcoin nodes to assess how many are currently vulnerable to each attack vector. Out of 14,001 nodes, roughly 787 (5.94%) are running versions older than 0.21.0.
While the network remains secure and largely protected against any meaningful attacks, this figure is significant enough to be considered a problem that the Bitcoin community may need to address.
Efforts can be made to encourage these node operators to upgrade to newer versions in order to enhance the Bitcoin network’s overall security, efficiency, and future readiness.
Although not an immediate critical issue, it is certainly a concern that warrants attention. It’s not an existential threat to Bitcoin, as the majority of the network still runs up-to-date software. However, it does represent a non-trivial portion of the network that could cause issues or be exploited under certain circumstances.
This highlights a need for better communication and incentives within the Bitcoin community to encourage more frequent updates.
Risks for active Bitcoin nodes
According to the disclosure, the most widespread vulnerability affected versions prior to 0.21.0, potentially impacting 787 nodes. This flaw could enable censorship of unconfirmed transactions and cause netsplits due to excessive time adjustments.
Three separate vulnerabilities affected versions before 0.20.0, each potentially impacting 182 nodes. These included a memory DoS from large inv messages, a CPU-wasting DoS from malformed requests, and a memory-related crash when parsing BIP72 URIs.
An unbounded ban list CPU/memory DoS vulnerability (CVE-2020-14198) affected versions prior to 0.20.1, putting 185 nodes at risk. Earlier versions were susceptible to other attacks, such as a CPU DoS and node stalling from orphan handling (before 0.18.0, affecting 70 nodes) and a memory DoS using low-difficulty headers (before 0.15.0, impacting 29 nodes).
The oldest vulnerabilities disclosed included a remote code execution bug in miniupnpc (CVE-2015-6031) affecting versions before 0.11.1 and a node crash DoS from large messages (CVE-2015-3641) in versions prior to 0.10.1. These affected 22 and 5 nodes, respectively, indicating that very few are still running such outdated software.
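As an added illustration (not code from the article, CryptoSlate or the Bitcoin Core project), the script below encodes the nine affected-version thresholds listed above and checks Bitcoin P2P user-agent strings against them, the same kind of survey CryptoSlate ran over live nodes. The user agents are constructed sample values and the short issue labels are assumed names; the only real identifiers are the CVE numbers the article gives.

```python
import re
from collections import Counter

# Disclosed issues with the first fixed version, as reported in the article.
# A node is exposed to an issue when its version is strictly older than the fix.
DISCLOSED = [
    ("tx censorship / netsplit via time adjustment", (0, 21, 0)),
    ("memory DoS from large inv messages", (0, 20, 0)),
    ("CPU-wasting DoS from malformed requests", (0, 20, 0)),
    ("memory crash parsing BIP72 URIs", (0, 20, 0)),
    ("unbounded ban list CPU/memory DoS (CVE-2020-14198)", (0, 20, 1)),
    ("CPU DoS / stalling from orphan handling", (0, 18, 0)),
    ("memory DoS via low-difficulty headers", (0, 15, 0)),
    ("miniupnpc RCE (CVE-2015-6031)", (0, 11, 1)),
    ("node crash DoS from large messages (CVE-2015-3641)", (0, 10, 1)),
]

# Bitcoin Core advertises itself as /Satoshi:<version>/ in the P2P version message.
UA_RE = re.compile(r"/Satoshi:(\d+(?:\.\d+)+)")

def parse_version(user_agent):
    """Return the Core version as an int tuple, or None for non-Core agents.
    Releases from 22.0 on dropped the leading '0.', so tuple ordering still
    places them after every 0.x.y release."""
    m = UA_RE.search(user_agent)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))

def exposures(user_agent):
    """Names of disclosed issues a node with this user agent is still exposed to."""
    v = parse_version(user_agent)
    if v is None:
        return []
    return [name for name, fixed in DISCLOSED if v < fixed]

def tally(user_agents):
    """Count exposed nodes per issue over a set of observed user agents."""
    counts = Counter()
    for ua in user_agents:
        for name in exposures(ua):
            counts[name] += 1
    return counts

# Constructed sample of observed user agents (not real survey data).
SAMPLE = [
    "/Satoshi:27.0.0/", "/Satoshi:0.21.1/", "/Satoshi:0.20.1/",
    "/Satoshi:0.20.0/", "/Satoshi:0.19.0.1/", "/Satoshi:0.17.1/",
    "/Satoshi:0.10.0/", "/btcwire:0.5.0/btcd:0.24.2/",
]

if __name__ == "__main__":
    for name, n in tally(SAMPLE).most_common():
        print(f"{n:3d}  {name}")
```

Feeding it the user agents collected from a node's own peers (for example from `getpeerinfo`) gives an operator a quick view of how many of its peers, or its own nodes, are still on versions the article flags.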
New Bitcoin developer disclosure policy
The new policy categorizes vulnerabilities into four severity levels: low, medium, high, and critical. Low-severity bugs, which are difficult to exploit or have minimal impact, will be disclosed two weeks after a fixed version is released, with a pre-announcement made simultaneously.
Medium- and high-severity bugs, which have more significant impacts, will be disclosed two weeks after the last affected release reaches its end-of-life (EOL), typically one year after the fixed version is first released. A pre-announcement will be made two weeks before disclosure. Critical bugs threatening the network’s integrity will require an ad-hoc disclosure procedure.
The policy will be implemented gradually. All vulnerabilities fixed in Bitcoin Core versions 0.21.0 and earlier will be disclosed immediately. In July, vulnerabilities fixed in version 22.0 will be disclosed, followed by those fixed in version 23.0 in August. This process will continue until all EOL versions have been addressed.
This initiative aims to set clear expectations for security researchers, incentivizing them to find and responsibly disclose vulnerabilities. By making security bugs available to a broader group of contributors, the policy seeks to prevent future issues and enhance the overall security of the Bitcoin network.
According to the Bitcoin Development Mailing List, the policy’s gradual adoption will allow the community to adjust and provide feedback on its impact.
Node operators still using affected versions are strongly advised to upgrade to the latest release to mitigate these potential risks.