SPV Proof Validation Vulnerability in Bitcoin Core by Bitcoin
CVE-2017-12842

7.5 HIGH

Key Information:

Vendor: Bitcoin
CVE Published: 16 March 2020

What is CVE-2017-12842?

A vulnerability in Bitcoin Core prior to version 0.14 allows attackers to forge valid-looking Simplified Payment Verification (SPV) proofs for transactions. This could mislead users of SPV wallets, as the proof may indicate a payment that never took place. Although exploitation carries a high cost, the vulnerability becomes critical in scenarios where automated systems make large transactions based solely on SPV proofs.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
