Vulnerability Description
The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain.
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitcoin | Bitcoin-Qt | 0.4 |
| Bitcoin | Bitcoin Core | All versions |
| Bitcoin | Bitcoind | 0.4.4 |
References
- https://bitcointalk.org/?topic=144122
- https://en.bitcoin.it/wiki/CVE-2013-2293
- https://en.bitcoin.it/wiki/CVEs
FAQ
What is CVE-2013-2293?
CVE-2013-2293 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers...
How severe is CVE-2013-2293?
CVE-2013-2293 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2293?
Check the references section above for vendor advisories and patch information. Affected products include Bitcoin-Qt, Bitcoin Core, and Bitcoind.