Alert Override Issue in Bitcoin Core and Altcoin Software
CVE-2016-10725

7.5 HIGH

Key Information:

Vendor: Bitcoin
CVE Published: 5 July 2018

What is CVE-2016-10725?

In Bitcoin Core versions prior to v0.13.0, a design flaw in the alert system allows a non-final alert to block the final alert, which is intended to take precedence over and override all other alerts. The flaw arises because operations in the deprecated remote network alert system are performed in the wrong order. The issue is not limited to Bitcoin Core; it also affects Bitcoin Knots and a variety of alternative cryptocurrencies built on the same codebase.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
