Denial of Service Vulnerability in Bitcoin Software by Bitcoin Foundation
CVE-2013-2293

Currently unrated

Key Information:

Vendor

Bitcoin

CVE Published:
12 March 2013

What is CVE-2013-2293?

The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt prior to version 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent transaction outputs (prevouts). A remote attacker can exploit this by creating a Bitcoin transaction with multiple inputs, causing significant disk I/O consumption and potentially a denial of service condition.
