MEDIUM · 6.4

CVE-2013-3220

Vulnerability Description

bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split) and enable certain double-spending capabilities via a large block that triggers incorrect Berkeley DB locking.

CVSS Score

6.4 (MEDIUM)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor    Product         Versions
Bitcoin   Bitcoin-Qt      <= 0.4.9
Bitcoin   Bitcoin Core    All versions
Bitcoin   Bitcoind        <= 0.4.9
Bitcoin   Qitcoin-Qt      0.6.4

Related Weaknesses (CWE)

References

FAQ

What is CVE-2013-3220?

CVE-2013-3220 is a vulnerability with a CVSS score of 6.4 (MEDIUM). bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an excess...

How severe is CVE-2013-3220?

CVE-2013-3220 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2013-3220?

Check the references section above for vendor advisories and patch information. Affected products include: Bitcoin Bitcoin-Qt, Bitcoin Bitcoin Core, Bitcoin Bitcoind, Bitcoin Qitcoin-Qt.