Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-3220

bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split) and enable certain double-spending capabilities via a large block that triggers incorrect Berkeley DB locking.

Published

2013-08-02T12:10:40.467

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Primary
CWE-399

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	bitcoin	bitcoin-qt	≤ 0.4.9	Yes
Application	bitcoin	bitcoin-qt	0.4	Yes
Application	bitcoin	bitcoin-qt	0.4.8	Yes
Application	bitcoin	bitcoin-qt	0.5.0	Yes
Application	bitcoin	bitcoin-qt	0.5.0.4	Yes
Application	bitcoin	bitcoin-qt	0.5.1	Yes
Application	bitcoin	bitcoin-qt	0.5.3.0	Yes
Application	bitcoin	bitcoin-qt	0.5.7	Yes
Application	bitcoin	bitcoin-qt	0.5.8	Yes
Application	bitcoin	bitcoin-qt	0.6.0.10	Yes
Application	bitcoin	bitcoin-qt	0.6.3	Yes
Application	bitcoin	bitcoin-qt	0.7.0	Yes
Application	bitcoin	bitcoin-qt	0.7.1	Yes
Application	bitcoin	bitcoin-qt	0.7.2	Yes
Application	bitcoin	bitcoin-qt	0.7.3	Yes
Application	bitcoin	bitcoin_core	*	Yes
Application	bitcoin	bitcoin_core	0.3.4	Yes
Application	bitcoin	bitcoin_core	0.3.5	Yes
Application	bitcoin	bitcoin_core	0.3.8	Yes
Application	bitcoin	bitcoin_core	0.3.10	Yes
Application	bitcoin	bitcoin_core	0.3.11	Yes
Application	bitcoin	bitcoin_core	0.3.12	Yes
Application	bitcoin	bitcoin_core	0.4.0	Yes
Application	bitcoin	bitcoin_core	0.4.1	Yes
Application	bitcoin	bitcoin_core	0.4.1	Yes
Application	bitcoin	bitcoin_core	0.4.2	Yes
Application	bitcoin	bitcoin_core	0.4.3	Yes
Application	bitcoin	bitcoin_core	0.4.4	Yes
Application	bitcoin	bitcoin_core	0.4.4	Yes
Application	bitcoin	bitcoin_core	0.4.5	Yes
Application	bitcoin	bitcoin_core	0.4.6	Yes
Application	bitcoin	bitcoin_core	0.4.7	Yes
Application	bitcoin	bitcoin_core	0.5.0	Yes
Application	bitcoin	bitcoin_core	0.5.3	Yes
Application	bitcoin	bitcoin_core	0.5.3.1	Yes
Application	bitcoin	bitcoin_core	0.5.4	Yes
Application	bitcoin	bitcoin_core	0.5.5	Yes
Application	bitcoin	bitcoin_core	0.5.6	Yes
Application	bitcoin	bitcoin_core	0.6.0.1	Yes
Application	bitcoin	bitcoin_core	0.6.0.2	Yes
Application	bitcoin	bitcoin_core	0.6.0.3	Yes
Application	bitcoin	bitcoin_core	0.6.0.4	Yes
Application	bitcoin	bitcoin_core	0.6.0.5	Yes
Application	bitcoin	bitcoin_core	0.6.0.6	Yes
Application	bitcoin	bitcoin_core	0.6.0.7	Yes
Application	bitcoin	bitcoin_core	0.6.0.8	Yes
Application	bitcoin	bitcoin_core	0.6.1	Yes
Application	bitcoin	bitcoin_core	0.6.2	Yes
Application	bitcoin	bitcoind	≤ 0.4.9	Yes
Application	bitcoin	bitcoind	0.4.4	Yes
Application	bitcoin	bitcoind	0.5.7	Yes
Application	bitcoin	bitcoind	0.5.8	Yes
Application	bitcoin	bitcoind	0.6.0.0	Yes
Application	bitcoin	bitcoind	0.6.0.10	Yes
Application	bitcoin	bitcoind	0.6.3	Yes
Application	bitcoin	bitcoind	0.6.4	Yes
Application	bitcoin	bitcoind	0.6.5	Yes
Application	bitcoin	bitcoind	0.7.0	Yes
Application	bitcoin	bitcoind	0.7.1	Yes
Application	bitcoin	bitcoind	0.7.2	Yes
Application	bitcoin	bitcoind	0.7.3	Yes
Application	bitcoin	qitcoin-qt	0.6.4	Yes
Application	bitcoin	qitcoin-qt	0.6.5	Yes

References

https://en.bitcoin.it/wiki/BIP_0050 Vendor Advisory ([email protected])
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures Vendor Advisory ([email protected])
https://en.bitcoin.it/wiki/BIP_0050 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)