5
CVSSv2

CVE-2017-12842

Published: 16/03/2020 Updated: 23/03/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Bitcoin Core prior to 0.14 allows an malicious user to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount.

Vulnerability Trend

Affected Products

Vendor Product Versions
BitcoinBitcoin Core0.1.5, 0.1.6, 0.2, 0.2.0, 0.2.2, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.2.10, 0.2.11, 0.2.12, 0.2.13, 0.3, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.3.10, 0.3.11, 0.3.12, 0.3.13, 0.3.14, 0.3.15, 0.3.17, 0.3.18, 0.3.19, 0.3.20, 0.3.20.01, 0.3.20.2, 0.3.21, 0.3.22, 0.3.23, 0.3.24, 0.3rc1, 0.3rc2, 0.3rc4, 0.4.0, 0.4.00, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.3.1, 0.5.4, 0.5.5, 0.5.6, 0.6.0, 0.6.0.1, 0.6.0.2, 0.6.0.3, 0.6.0.4, 0.6.0.5, 0.6.0.6, 0.6.0.7, 0.6.0.8, 0.6.1, 0.6.2, 0.6.2.1, 0.6.2.2, 0.6.3, 0.7.0, 0.7.1, 0.7.2, 0.8, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.9, 0.9.0, 0.9.1, 0.9.2, 0.9.2.1, 0.9.3, 0.9.4, 0.9.5, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.12, 0.12.0, 0.12.1, 0.13, 0.13.0, 0.13.1, 0.13.2