Published: 12/03/2013 Updated: 18/03/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt prior to 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote malicious users to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bitcoin bitcoin core 0.5.5
bitcoin bitcoin core 0.4.4
bitcoin bitcoin core 0.4.6
bitcoin bitcoin core 0.4.0
bitcoin bitcoin core 0.6.0.2
bitcoin bitcoin core 0.6.0.3
bitcoin bitcoin core 0.6.0.4
bitcoin bitcoind 0.6.4
bitcoin bitcoind 0.6.0.10
bitcoin bitcoin core 0.4.2
bitcoin bitcoin core 0.4.3
bitcoin bitcoin core 0.6.1
bitcoin bitcoin core 0.6.2
bitcoin bitcoin core
bitcoin bitcoin-qt 0.6.0.10
bitcoin bitcoin-qt 0.5.7
bitcoin bitcoin core 0.3.10
bitcoin bitcoin core 0.3.4
bitcoin bitcoin core 0.3.12
bitcoin bitcoin-qt 0.4
bitcoin bitcoin core 0.4.7
bitcoin bitcoin core 0.3.11
bitcoin bitcoin core 0.6.0.1
bitcoin bitcoin core 0.6.0.6
bitcoin bitcoin core 0.5.3
bitcoin bitcoin core 0.6.0.5
bitcoin bitcoin core 0.6.0.7
bitcoin bitcoin core 0.6.0.8
bitcoin bitcoin-qt 0.5.3.0
bitcoin bitcoin core 0.3.8
bitcoin bitcoin core 0.3.5
bitcoin bitcoin core 0.4.1
bitcoin bitcoin core 0.4.5
bitcoin bitcoind 0.7.1
bitcoin bitcoin core 0.5.0
bitcoin bitcoin core 0.5.4
bitcoin bitcoin core 0.5.6
bitcoin bitcoin-qt 0.5.1
bitcoin bitcoin-qt 0.6.3
bitcoin bitcoind 0.5.7
bitcoin bitcoind 0.4.4
bitcoin bitcoin core 0.5.3.1
bitcoin bitcoind 0.6.0.0
bitcoin bitcoind 0.7.0
bitcoin bitcoind 0.6.3
bitcoin bitcoin-qt 0.5.0.4
bitcoin bitcoin-qt 0.5.0
bitcoin bitcoin-qt 0.4.8
bitcoin bitcoin-qt 0.7.0
bitcoin bitcoin-qt 0.7.1

Debian Bug report logs - #705265 CVE-2013-2293 Remote DOS vulnerability in CTransaction::FetchInputs Packages: bitcoind, bitcoin-qt; Maintainer for bitcoind is Debian Cryptocoin Team <team+cryptocoin@trackerdebianorg>; Source for bitcoind is src:bitcoin (PTS, buildd, popcon) Maintainer for bitcoin-qt is Debian Cryptocoin Team &lt ...

Debian Bug report logs - #705266 CVE-2013-2272 remotely triggered info leak (IP address) via series of large transactions Packages: bitcoind, bitcoin-qt; Maintainer for bitcoind is Debian Cryptocoin Team <team+cryptocoin@trackerdebianorg>; Source for bitcoind is src:bitcoin (PTS, buildd, popcon) Maintainer for bitcoin-qt is Debia ...

CWE-399 https://en.bitcoin.it/wiki/CVEs https://bitcointalk.org/?topic=144122 https://en.bitcoin.it/wiki/CVE-2013-2293 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705265

CVE-2013-2293

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect