5
MEDIUM

CVE-2018-17144

Published: 19/09/2018 Updated: 10/12/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

Vulnerability Summary

Bitcoin Core 0.14.x prior to 0.14.3, 0.15.x prior to 0.15.2, and 0.16.x prior to 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x prior to 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Vendor Advisories

Arch Linux Security Advisory ASA-201809-1
Severity: Medium
Date: 2018-09-22
CVE-ID: CVE-2018-17144
Package: bitcoin-daemon
Type: denial of service
Remote: Yes
Link: security.archlinux.org/AVG-766
Summary: The package bitcoin-daemon before version 0.16.3-1 is vulnerable to ...

Arch Linux Security Advisory ASA-201809-2
Severity: Medium
Date: 2018-09-22
CVE-ID: CVE-2018-17144
Package: bitcoin-qt
Type: denial of service
Remote: Yes
Link: security.archlinux.org/AVG-766
Summary: The package bitcoin-qt before version 0.16.3-1 is vulnerable to denial o ...

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. Any attempts to double-spend a transaction output within a single transaction inside of a block where the output being ...

Github Repositories

ban-exploitable-bitcoin-nodes: Ban all denial-of-service vulnerability exploitable nodes from your node (CVE-2018-17144). Requirements for the bash script (ban.sh): command-line JSON processor jq. Install on Debian-based Linux: sudo apt-get install jq. Download and use the script: git clone github.com/iioch/ban-exploitable-bitcoin-nodes.git Run: cd ban-exploitable-bitcoin-node

Bitcoin Candy bitcoincandyone What is Bitcoin candy? Bitcoin candy is a hard fork of Bitcoin Cash. Compared to Bitcoin Cash, it brings more attractive features: (1) ASIC-resistant POW: Equihash; (2) Amount: 21 billion; (3) Block Interval: 2 minutes; (4) Double way replay protection. It became a separate currency from the version supported by Bitcoin Cash

Note about Denial-of-Service vulnerability (Sep 21, 2018): A denial-of-service vulnerability (CVE-2018-17144) exploitable by miners. Since BitcoinSaving POW Mining was turned off after Block 2,000 & Switching to POS - Bitcoin SavingCoin is safe and does not need any code update. github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.16.3.md#denial-o

Sugarchain: Decentralized Cryptocurrency for one-CPU-one-vote. Spec: Sugarchain SPEC; Ticker: SUGAR; Consensus Algorithm: Proof-of-Work (YesPoWer 10); Difficulty Algorithm: Adjust difficulty every blocks (DarkGravityWave 30); Block Time: 18 Seconds; Port / RPC: 7979 / 7978; Block Reward: 50 SUGAR; Reward Halving: Every 2,500,000 (2.5 million) blocks; Max supply: 250,000,000 (2

ruimarinho/bitcoin-core: A bitcoin-core docker image. Tags: 0.17.1, 0.17, latest (0.17/Dockerfile); 0.17.1-alpine, 0.17-alpine (0.17/alpine/Dockerfile); 0.16.3, 0.16 (0.16/Dockerfile); 0.16.3-alpine, 0.16-alpine (0.16/alpine/Dockerfile); 0.15.1, 0.15 (0.15/Dockerfile); 0.15.1-alpine, 0.15-alpine (0.15/alpine/Dockerfile). Picking the right tag: ruimarinho/bitcoin-core:

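bitzeny-holders-opinion: Collecting the opinions of BitZeny holders on the following. Note that nao20010128nao is one of the CoreDevs, but this serves only as a reference; it is a personal initiative. The final decision will be made by CoreDev. How to vote: send a small amount to ZjaTKHiqLV5wsXBAMvqUFKEjAfzbiRGrNz together with an OP_RETURN (comment). Comment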

PoC of BitcoinCore Denial-Of-Service and DoubleSpending (CVE-2018-17144). On 18/19 September, bitcoin Core, the mainstream client of Bitcoin, published an article on the serious security of its code. A denial-of-service vulnerability exploitable by miners has been discovered in Bitcoin Core versions 0.14.0 up to 0.16.2. It is recommended to upgrade any of the vulnerable versions t

Awesome CVE PoC: A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

References