GitHub Advisory DatabaseGHSA-HX3R-JV9Q-85JWBitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145)
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
79.9%
There was an easily exploitable uncontrolled memory resource consumption denial-of-service vulnerability that existed in the peer-to-peer network code of three implementations of Bitcoin and several alternative chains.
For more details please see:
https://invdos.net/
For the paper:
https://invdos.net/paper/CVE-2018-17145.pdf
Affected configurations
References
en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145
github.com/advisories/GHSA-hx3r-jv9q-85jw
github.com/bcoin-org/bcoin/security/advisories/GHSA-hx3r-jv9q-85jw
github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md
invdos.net
invdos.net/paper/CVE-2018-17145.pdf
nvd.nist.gov/vuln/detail/CVE-2018-17145
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
79.9%