Vulnerability Description
Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. . This attack appear to be exploitable via Affected version run the malicious code at startup . This vulnerability appears to have been fixed in 5.2.0 and later .
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Copay | Copay Bitcoin Wallet | >= 5.0.1, <= 5.1.0 |
Related Weaknesses (CWE)
References
- https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-uThird Party Advisory
- https://blog.bitpay.com/npm-package-vulnerability-copay/Third Party Advisory
- https://github.com/bitpay/copay/issues/9346ExploitIssue TrackingPatch
- https://github.com/dominictarr/event-stream/issues/116ExploitIssue TrackingPatch
- https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-uThird Party Advisory
- https://blog.bitpay.com/npm-package-vulnerability-copay/Third Party Advisory
- https://github.com/bitpay/copay/issues/9346ExploitIssue TrackingPatch
- https://github.com/dominictarr/event-stream/issues/116ExploitIssue TrackingPatch
FAQ
What is CVE-2018-1000851?
CVE-2018-1000851 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. . This attack appear...
How severe is CVE-2018-1000851?
CVE-2018-1000851 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-1000851?
Check the references section above for vendor advisories and patch information. Affected products include: Copay Copay Bitcoin Wallet.