Lucene search

[email protected]NVD:CVE-2023-50428

HistoryDec 09, 2023 - 7:15 p.m.

CVE-2023-50428

2023-12-0919:15:07

[email protected]

web.nvd.nist.gov

bitcoin core

bitcoin knots

vulnerability

datacarrier

bypassed

obfuscating

exploited

inscriptions

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

25.6%

JSON

In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it “not a bug.”

Affected configurations

NVD

Node

bitcoinbitcoin_coreRange0.9–26.0

bitcoinknotsbitcoin_knotsRange0.9–25.1

References

en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53

github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799

github.com/bitcoin/bitcoin/tags

github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md

twitter.com/LukeDashjr/status/1732204937466032285

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

25.6%

JSON

Related for NVD:CVE-2023-50428

prion1 cvelist2 cve2 nvd1