Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2012-1909
Last Modified 07 Aug 2012 12:00:00
Published 06 Aug 2012 12:55:01
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1909

Summary

The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction.

Vulnerable Systems

Application

  • Bitcoin-qt

  • Bitcoind 0.3.10

  • Bitcoind 0.3.11

  • Bitcoind 0.3.12

  • Bitcoind 0.3.4

  • Bitcoind 0.3.5

  • Bitcoind 0.3.8

  • Bitcoind 0.4.0

  • Bitcoind 0.4.1

  • Bitcoind 0.4.4

  • Wxbitcoin


References

CONFIRM - https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531

CONFIRM - https://en.bitcoin.it/wiki/CVEs

CONFIRM - https://en.bitcoin.it/wiki/BIP_0030

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=407793

CONFIRM - https://bitcointalk.org/index.php?topic=67738.0

MLIST - [bitcoin-development] 20120228 Duplicate transactions vulnerability

MISC - http://r6.ca/blog/20120206T005236Z.html


Last Updated: 27 May 2016 10:57:34