|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
开源比特币核心项目的工作人员负责维护该软件在超过 98% 的可到达全节点上运行,他们透露,存在一个重大问题
Bitcoin Core developers have disclosed a new, high severity critical denial-of-service (DoS) software bug on one in every six Bitcoin nodes.
比特币核心开发人员披露了每六个比特币节点中就有一个存在新的高严重性拒绝服务(DoS)软件漏洞。
The critical software bug affects all Bitcoin Core software prior to version 24.0.1, which was released on December 12, 2022. This bug could allow a malicious actor to crash Bitcoin full nodes by spamming them with low-difficulty header chains.
该关键软件错误影响 2022 年 12 月 12 日发布的 24.0.1 版本之前的所有比特币核心软件。该错误可能允许恶意行为者通过向比特币完整节点发送低难度标头链来破坏比特币完整节点。
According to surveillance estimates from Bitnodes, there are approximately 19,200 self-declared user agents of reachable Bitcoin full nodes. Of these nodes, 3,330 are running software that is vulnerable to this DoS attack.
根据 Bitnodes 的监测估计,大约有 19,200 个自称可访问的比特币全节点用户代理。在这些节点中,有 3,330 个正在运行容易受到这种 DoS 攻击的软件。
This bug was patched in Bitcoin Core pull request (PR) 25717, which was merged into production with the v24.0.1 release. The latest version of Bitcoin Core node software is 27.1, which includes this and other bug fixes.
该错误已在 Bitcoin Core Pull Request (PR) 25717 中修复,该请求已随 v24.0.1 版本合并到生产中。比特币核心节点软件的最新版本是 27.1,其中包括此错误修复和其他错误修复。
While this DoS vulnerability is considered high severity, there have been few known exploits of this bug on the public record. This is likely due to the fact that the attack is quite expensive to generate and broadcast the necessary header chains. Additionally, the attack provides little financial benefit to the attacker.
虽然此 DoS 漏洞被认为是高度严重的,但公共记录中很少有针对此漏洞的已知利用。这可能是因为攻击生成和广播必要的标头链的成本相当昂贵。此外,这种攻击给攻击者带来的经济利益微乎其微。
However, this bug does present a security vulnerability that could be exploited by an extremely wealthy, powerful, or sophisticated actor — such as a nation — who may be interested in disrupting the operations of Bitcoin for non-financial or financially-deferred reasons.
然而,这个错误确实存在一个安全漏洞,可能会被极其富有、强大或经验丰富的参与者(例如一个国家)利用,这些参与者可能有兴趣出于非财务或财务延迟的原因破坏比特币的运营。
Bitcoin Core developers began disclosing serious bugs in early June that had been patched for at least 18 months. Initially, they disclosed bugs in Bitcoin Core versions 20 and below, out of a desire to be transparent and to thank developers for their voluntary, responsible disclosures.
Bitcoin Core 开发人员于 6 月初开始披露严重错误,这些错误已经修补了至少 18 个月。最初,他们披露了比特币核心版本 20 及以下版本中的错误,出于透明的愿望并感谢开发人员自愿、负责任的披露。
Every few weeks, they disclosed more software bugs, in the interest of transparency and to thank developers for their voluntary, responsible disclosures.
每隔几周,他们就会披露更多的软件错误,以提高透明度,并感谢开发人员自愿、负责任的披露。
As the months have passed, however, the Bitcoin Core Project has disclosed bugs affecting more and more recent software versions. Thursday’s disclosure highlights significant risks to Bitcoin Core software versions 24 and prior, including software as recent as May 18, 2023.
然而,几个月过去了,比特币核心项目披露了影响越来越多最新软件版本的错误。周四的披露强调了比特币核心软件版本 24 及之前的重大风险,包括最近到 2023 年 5 月 18 日的软件。
Many observers initially dismissed the historical bug transparency roll-out as a historical curiosity, but it is quickly having a present-day impact. Unless Bitcoin node operators update their software, up to 17% of the network could be at risk of a DoS attack.
许多观察家最初将历史性错误透明度的推出视为一种历史好奇心,但它很快就产生了当今的影响。除非比特币节点运营商更新其软件,否则高达 17% 的网络可能面临 DoS 攻击的风险。
免责声明:info@kdj.com
所提供的信息并非交易建议。根据本文提供的信息进行的任何投资,kdj.com不承担任何责任。加密货币具有高波动性,强烈建议您深入研究后,谨慎投资!
如您认为本网站上使用的内容侵犯了您的版权,请立即联系我们(info@kdj.com),我们将及时删除。
-
- 代币解锁:您需要了解的内容
- 2024-09-20 20:40:02
- 代币解锁是加密货币领域反复发生的事件。阻止它们几乎是不可能的。一般来说,令牌解锁是每个加密货币的一部分
-
- Kabosu 赢得了我们的心并创立了 Atsuko Sato Meta
- 2024-09-20 20:35:05
- 总督社区的许多人哀悼卡博苏的去世,并通过表情包和衷心的信息表达敬意。 Kabosu博客收集了Kabosu生活中的感人时刻。
-
- 中本聪时代比特币 (BTC) 矿工钱包休眠 15.5 年开始转移 BTC
- 2024-09-20 20:35:05
- 据链上追踪公司 Lookonchain 称,这些比特币矿工钱包在 2009 年获得了每个区块 50 BTC 作为挖矿奖励。
-
- 夺取泰坦:主宰 $SFM 空投场景
- 2024-09-20 20:30:01
- Airdrop Mavericks:Blaze Your SAFEMOON Claiming Trail ARB Buff Follow - 聆听分享领取 $SFM 代币空投的分步指南
-
- $SEI 空投狂潮 — 快行动吧!
- 2024-09-20 20:30:01
- $SEI 空投领取 — 完整指南
-
- Jupiter Token (JUP) 24 小时内飙升近 13%,达到 0.8864 美元,成为头条新闻
- 2024-09-20 20:30:01
- JUP 价格的上涨是在 Jupiter 交易所最近宣布收购之后发生的。在周五的 Solana Breakpoint 活动上,联合创始人 Siong Ong 透露,Jupiter 已收购区块链浏览器 SolanaFM。
-
- 1inch crypto推出Fusion+,这是其生态系统的重大升级
- 2024-09-20 20:30:01
- 1inch 代币对其生态系统进行了重大升级:Fusion+。它继承了其前身的遗产,并在以下方面进行了改进
-
- 马龙·林 (Malone Lam) 和让迪尔·塞拉诺 (Jeandiel Serrano) 因利用被盗比特币洗钱 2.3 亿美元而被捕
- 2024-09-20 20:30:01
- 联邦调查局 (FBI) 逮捕了两名涉嫌盗窃和洗钱超过 2.3 亿美元比特币 (BTC) 的人
-
- 超级特朗普币 (STRUMP) 每周上涨 18.99%,由唐纳德·特朗普相关新闻和市场情绪提供
- 2024-09-20 20:30:01
- 超级特朗普币(STRUMP)几周来一直在 0.007431 美元至 0.004837 美元之间的盘整区间内交易。