Vulnerability Description
In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep "6231 0500" command.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitcoin | Bitcoin Core | 0.18.0 |
References
- https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947 (Not Applicable)
- https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b (Third Party Advisory)
- https://github.com/bitcoin/bitcoin/issues/16824 (Issue Tracking, Third Party Advisory)
- https://security.gentoo.org/glsa/202009-18 (Third Party Advisory)
FAQ
What is CVE-2019-15947?
CVE-2019-15947 is a vulnerability with a CVSS score of 7.5 (HIGH). In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's ...
How severe is CVE-2019-15947?
CVE-2019-15947 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-15947?
Check the references section above for vendor advisories and patch information. Affected products include: Bitcoin Bitcoin Core.