Design/Logic Flaw

2013-03-1211:28:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.5%

JSON

The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain.

CPENameOperatorVersion
bitcoin-qteq0.5.0 rc1
bitcoin-qteq0.5.0.4
bitcoin-qteq0.6.0.10 rc4
bitcoin-qteq0.7.1
bitcoin-qteq0.7.0 rc1
bitcoin-qteq0.6.3
bitcoin-qteq0.4.8 rc4
bitcoin-qteq0.5.3.0
bitcoin-qteq0.5.7
bitcoin-qteq0.5.1 rc1

Name	Operator	Version
bitcoin-qt	eq	0.5.0 rc1
bitcoin-qt	eq	0.5.0.4
bitcoin-qt	eq	0.6.0.10 rc4
bitcoin-qt	eq	0.7.1
bitcoin-qt	eq	0.7.0 rc1
bitcoin-qt	eq	0.6.3
bitcoin-qt	eq	0.4.8 rc4
bitcoin-qt	eq	0.5.3.0
bitcoin-qt	eq	0.5.7
bitcoin-qt	eq	0.5.1 rc1