Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-10725

In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.

Published

2018-07-05T22:29:00.327

Last Modified

2024-11-21T02:44:36.137

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-310

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	bitcoin	bitcoin_core	< 0.13.0	Yes
Application	bitcoin	bitcoin-qt	< 0.13.0	Yes
Application	bitcoin	bitcoind	< 0.13.0	Yes

References

https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure ([email protected])
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures Vendor Advisory ([email protected])
https://github.com/JinBean/CVE-Extension ([email protected])
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html Third Party Advisory ([email protected])
https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure (af854a3a-2127-422b-91ae-364da2661108)
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/JinBean/CVE-Extension (af854a3a-2127-422b-91ae-364da2661108)
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)