CVE-2023-33297
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
52.6%
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| bitcoin:bitcoin_core | bitcoin bitcoin core | lt | 24.1 |
References
en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md
github.com/bitcoin/bitcoin/issues/27586
github.com/bitcoin/bitcoin/issues/27623
github.com/bitcoin/bitcoin/pull/27610
github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544
github.com/visualbasic6/drain
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/
x.com/123456/status/1711601593399828530
Social References
More
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
52.6%