Bug fixed since May 2023, but Bitcoin Core does not update automatically
Bitcoin developers disclosed details of another high-severity software bug on Monday, revealing that over 13% of the home and business computers around the world that enforce Bitcoin’s rules are vulnerable to a remote shutdown.
The bug, tracked as CVE-2024-35202, affects Bitcoin nodes running Bitcoin Core software prior to version 25.0. Nodes that have not updated to at least 25.0 allow an attacker to remotely exploit an assertion in the software logic that handles block transaction (‘blocktxn’) messages.
Specifically, the vulnerability stems from Core’s compact block protocol, which uses shortened transaction identifiers to reduce internet bandwidth use. An attacker can trigger a collision in these identifiers, causing the node to request a full block.
Although requesting a full, unabridged block is a safety precaution, software versions prior to 25.0 have a flaw in how they handle subsequent blocktxn messages. In short, the node can be forced into an invalid state in which the assertion fails, causing it to crash entirely.
The vulnerability was discovered and disclosed by Niklas Gögge, who also provided the patch implemented in Bitcoin Core v25.0. He patched this bug in Bitcoin Core pull request number 26898 and other developers had merged it into production by May 26, 2023.
According to the version values self-declared by internet-accessible nodes tracked by BitNodes.io, 13.7% of the 18,843 nodes operating the Bitcoin network are vulnerable to the attack. Developers encourage all node operators to update their software to patch this vulnerability. The latest version of Bitcoin Core software is 28.0.
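For operators checking their own nodes against the 25.0 threshold described above, here is an added example (not code from Bitcoin Core or from this article) that classifies self-declared user-agent strings, such as the subversion value returned by bitcoin-cli getnetworkinfo, as affected, patched or unknown. The sample strings are constructed and the function names are illustrative.

```python
import re

# Assumption taken from the article: Bitcoin Core releases before 25.0 are affected.
FIXED = (25, 0)
# Matches the Core token in a user agent, e.g. "/Satoshi:24.0.1/".
_CORE_UA = re.compile(r"/Satoshi:(\d+(?:\.\d+)*)")


def core_version(subver):
    """Return the self-declared Core version as a tuple of ints, or None."""
    m = _CORE_UA.search(subver or "")
    if not m:
        return None  # not Bitcoin Core, or an empty/garbled user agent
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(subver):
    """True/False for Core user agents, None when the client is unknown."""
    v = core_version(subver)
    if v is None:
        return None
    # Compare major.minor only, padding short strings such as "25".
    # The old 0.x scheme orders correctly too: (0, 21) < (25, 0).
    return (v + (0, 0))[:2] < FIXED


def audit(subvers):
    """Count affected, patched and unknown nodes and the affected share."""
    counts = {"affected": 0, "patched": 0, "unknown": 0}
    for s in subvers:
        r = is_affected(s)
        counts["unknown" if r is None else "affected" if r else "patched"] += 1
    total = len(subvers)
    counts["affected_pct"] = round(100 * counts["affected"] / total, 1) if total else 0.0
    return counts


# Constructed sample user agents (not real network data).
SAMPLE = [
    "/Satoshi:28.0.0/", "/Satoshi:25.0.0/", "/Satoshi:24.0.1/",
    "/Satoshi:0.21.1/", "/Satoshi:24.1.0(my-node)/", "/btcd:0.24.0/", "",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Because the version string is self-declared, treat the result as an inventory aid and confirm the installed release on each host before and after upgrading.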
Bitcoin Core developers have recently been disclosing details of high-severity bugs in older software versions. Because Core software does not automatically update by default, those operating Bitcoin nodes must manually choose to download, verify, and update their software.
This vulnerability has little financial benefit to an average attacker, as it requires sophisticated manipulation of the compact block protocol and does not allow for double-spending of bitcoin without coordinating a variety of other financial and social engineering schemes.
However, the vulnerability could be exploited by a corporate or governmental actor who wants to disrupt the operations of Bitcoin for financially-deferred reasons, such as promoting an altcoin or another cryptocurrency project.