Also covering CVE-2012-2459, CVE-2013-2292, CVE-2017-12842, CVE-2017-18350, CVE-2018-17145, CVE-2020-26895, CVE-2020-26896, and CVE-2021-31876
Common Vulnerabilities and Exposures (CVEs) are serious vulnerabilities that have been cataloged to help developers, researchers, and the public efficiently share information about potential threats.
CVEs with their own topic pages
- CVE-2018-17144 was a bug that could have allowed an attacker to spend the same bitcoins more than once.
CVE-2012-2459: It’s possible to mutate a valid block into an invalid block that commits to the same merkle root. When vulnerable versions of Bitcoin Core saw such an invalid block, they cached its rejection and so would later reject the valid version of the block, which could easily lead to short-term network partitions where users could be tricked into accepting invalid bitcoins. Fixed in Bitcoin 0.6.1.
CVE-2013-2292: A vulnerability in Bitcoin Core that it was believed could have allowed an attacker to create a block that would take over three minutes to verify. Proposed to be fixed in the consensus cleanup soft fork, although the suggestion solution encountered controversy.
CVE-2017-12842: Allows creating an SPV proof for a transaction that doesn’t exist by specially crafting a real 64-byte transaction that gets confirmed in a block. Can be used to steal from SPV clients, although other known attacks against SPV clients are cheaper. Proposed to be fixed in the consensus cleanup soft fork.
CVE-2017-18350: A vulnerability in Bitcoin Core affecting users of SOCKS proxies. Fixed in Bitcoin Core 0.16.0.
CVE-2018-17145: Flooding a node with an excess of
invmessages could lead to the node running out of memory and crashing, increasing the risk of eclipse attacks that can steal money. Affected Bitcoin Core, Btcd, Bcoin, and multiple altcoin nodes. Fixed in Bitcoin Core 0.16.2, Btcd 0.21.0-beta, and Bcoin 1.0.2.
CVE-2020-26895: Vulnerability in LND due to accepting non-standard “high-S” signatures, which could have prevented channels from closing in a timely manner and so allowed funds to be stolen. Fixed in LND 0.10.0-beta.
CVE-2020-26896: Vulnerability in LND due to improperly revealing local preimages in response to foreign routing requests, which could have allowed funds to be stolen. Fixed in LND 0.11.0-beta.
CVE-2021-31876: The BIP125 specification of opt-in Replace By Fee (RBF) says that an unconfirmed parent transaction that signals replaceability makes any child transactions that spend the parent’s outputs also replaceable through inferred inheritance. Bitcoin Core does not implement this behavior; Btcd does implement it.
Primary code and documentation
Optech newsletter and website mentions
- CVE-2020-26896: LND #4752 updates preimage revelation code
- CVE-2020-26896: BOLTs #808 adds warning about improper preimage revelation
- CVE-2020-26895: BOLTs #807 adds warning about non-standard signatures
- CVE-2020-26896: full disclosure of improper preimage revelation
- CVE-2020-26895: full disclosure of on-standard signature acceptance
- CVE-2018-17145: full disclosure of inv out-of-memory DoS attack
- CVE-2017-12842: discussion about minimum transaction size
- CVE-2017-18350: full disclosure of SOCKS proxy vulnerability
- CVE-2012-2459: part of motivation for taproot tagged hashes
- CVE-2012-2459: related to new Bitcoin Core vulnerability disclosure
- CVE-2017-12842: merkle tree fix proposed in consensus cleanup soft fork
- CVE-2013-2292: poor tx verification performance inspires consensus cleanup