Memory Unencrypted Wallet Vulnerability in Bitcoin Core Software
CVE-2019-15947

7.5 HIGH

Key Information:

Vendor: Bitcoin
CVE Published: 5 September 2019

What is CVE-2019-15947?

In Bitcoin Core version 0.18.0, wallet.dat data is held unencrypted in memory. If the application crashes, it can produce a core dump that contains sensitive wallet information, including private keys. An attacker can then extract and reconstruct the user's wallet data from the dump with simple command-line tools, putting the user's cryptocurrency holdings at significant risk.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
