CVE-2023-50428 — MEDIUM (5.3)

Q: How severe is CVE-2023-50428?

CVE-2023-50428 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-50428?

Check the references section above for vendor advisories and patch information. Affected products include: Bitcoin Bitcoin Core, Bitcoinknots Bitcoin Knots.

Vulnerability Description

In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Bitcoin	Bitcoin Core	>= 0.9, <= 26.0
Bitcoinknots	Bitcoin Knots	>= 0.9, < 25.1

References

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_ExposuresThird Party Advisory
https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068
https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799Issue Tracking
https://github.com/bitcoin/bitcoin/tagsProduct
https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897dRelease Notes
https://twitter.com/LukeDashjr/status/1732204937466032285Issue TrackingThird Party Advisory
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_ExposuresThird Party Advisory
https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068
https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799Issue Tracking
https://github.com/bitcoin/bitcoin/tagsProduct
https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897dRelease Notes
https://twitter.com/LukeDashjr/status/1732204937466032285Issue TrackingThird Party Advisory

FAQ

What is CVE-2023-50428?

CVE-2023-50428 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by I...

How severe is CVE-2023-50428?

CVE-2023-50428 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-50428?

Check the references section above for vendor advisories and patch information. Affected products include: Bitcoin Bitcoin Core, Bitcoinknots Bitcoin Knots.