Vulnerability Description
Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitcoin | Bitcoin Core | < 0.14.0 |
Related Weaknesses (CWE)
References
- https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-trThird Party Advisory
- https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_ExposuresVendor Advisory
- https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.htmThird Party Advisory
- https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-trThird Party Advisory
- https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_ExposuresVendor Advisory
- https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.htmThird Party Advisory
FAQ
What is CVE-2017-12842?
CVE-2017-12842 is a vulnerability with a CVSS score of 7.5 (HIGH). Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack...
How severe is CVE-2017-12842?
CVE-2017-12842 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12842?
Check the references section above for vendor advisories and patch information. Affected products include: Bitcoin Bitcoin Core.