Lucene search

Veracode Vulnerability DatabaseVERACODE:42264

HistoryAug 06, 2023 - 2:14 p.m.

Arbitrary Code Execution

2023-08-0614:14:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

arbitrary code execution

bitcoin

dogecoin

unsafe argument passing

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.01 Low

EPSS

Percentile

83.7%

JSON

Bitcoin and Dogecoin are vulnerable Arbitrary Code Execution. The vulnerability is due to the application unsafely passing the -platformpluginpath argument, which can be triggered by a .desktop file resulting in arbitrary code execution.

CPENameOperatorVersion
dogecoin:sideq1.14.2-1
dogecoin:sideq1.14.2-1

CPE	Name	Operator	Version
	dogecoin:sid	eq	1.14.2-1
	dogecoin:sid	eq	1.14.2-1

References

achow101.com/2021/02/0.18-uri-vuln

github.com/bitcoin/bitcoin/pull/16578

security-tracker.debian.org/tracker/CVE-2021-3401

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for VERACODE:42264