Published: 12/03/2013 Updated: 18/03/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt prior to 0.4.9rc1, 0.5.x prior to 0.5.8rc1, 0.6.0 prior to 0.6.0.11rc1, 0.6.1 up to and including 0.6.5 prior to 0.6.5rc1, and 0.7.x prior to 0.7.3rc1 allows remote malicious users to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bitcoin bitcoind 0.6.4
bitcoin bitcoind 0.6.0.10
bitcoin bitcoind 0.7.0
bitcoin bitcoin core 0.5.6
bitcoin bitcoin core 0.5.5
bitcoin bitcoin core 0.5.4
bitcoin bitcoin core 0.5.3.1
bitcoin bitcoin-qt 0.5.0.4
bitcoin bitcoin-qt 0.5.1
bitcoin bitcoin-qt 0.5.0
bitcoin bitcoin core 0.3.10
bitcoin bitcoin core 0.3.4
bitcoin bitcoin core 0.3.12
bitcoin bitcoin core 0.5.0
bitcoin bitcoin core 0.6.0.7
bitcoin bitcoin core 0.6.0.8
bitcoin bitcoin core 0.6.0.2
bitcoin bitcoin core 0.6.0.3
bitcoin bitcoin core 0.6.0.4
bitcoin bitcoin core 0.6.0.5
bitcoin bitcoin-qt 0.7.1
bitcoin bitcoin-qt 0.7.2
bitcoin bitcoin-qt 0.6.0.10
bitcoin bitcoin-qt 0.5.7
bitcoin bitcoind 0.5.7
bitcoin bitcoin core 0.6.2
bitcoin bitcoin core 0.6.0.1
bitcoin bitcoin-qt 0.5.3.0
bitcoin bitcoin core 0.3.8
bitcoin bitcoin core 0.4.6
bitcoin bitcoin core 0.4.2
bitcoin bitcoin core 0.4.5
bitcoin bitcoin core 0.3.11
bitcoin bitcoin core 0.6.0.6
bitcoin bitcoin core 0.6.1
bitcoin bitcoind 0.6.3
bitcoin bitcoind 0.7.2
bitcoin bitcoin-qt 0.7.0
bitcoin bitcoin-qt
bitcoin bitcoin core 0.4.7
bitcoin bitcoin core 0.4.3
bitcoin bitcoin core 0.3.5
bitcoin bitcoin core 0.4.0
bitcoin bitcoin core 0.4.4
bitcoin bitcoin core 0.4.1
bitcoin bitcoind 0.7.1
bitcoin bitcoin-qt 0.4
bitcoin bitcoind
bitcoin bitcoin core 0.5.3
bitcoin bitcoin core
bitcoin bitcoin-qt 0.6.3
bitcoin bitcoind 0.6.0.0

Debian Bug report logs - #705265 CVE-2013-2293 Remote DOS vulnerability in CTransaction::FetchInputs Packages: bitcoind, bitcoin-qt; Maintainer for bitcoind is Debian Cryptocoin Team <team+cryptocoin@trackerdebianorg>; Source for bitcoind is src:bitcoin (PTS, buildd, popcon) Maintainer for bitcoin-qt is Debian Cryptocoin Team &lt ...

Debian Bug report logs - #705266 CVE-2013-2272 remotely triggered info leak (IP address) via series of large transactions Packages: bitcoind, bitcoin-qt; Maintainer for bitcoind is Debian Cryptocoin Team <team+cryptocoin@trackerdebianorg>; Source for bitcoind is src:bitcoin (PTS, buildd, popcon) Maintainer for bitcoin-qt is Debia ...

CWE-200 https://en.bitcoin.it/wiki/CVEs https://bitcointalk.org/?topic=135856 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705265

CVE-2013-2272

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect