Difference between revisions of "Common Vulnerabilities and Exposures"

From Bitcoin Wiki
(Include unaffected in Fix %)
(Decluttering)
Line 1: Line 1:
 
{| class="wikitable"
 
{| class="wikitable"
 
!style="width:14ex"| CVE
 
!style="width:14ex"| CVE
! Announced !! Affects !! Flaw !! Fixed in versions !! Links !! Live
+
! Announced !! Affects !! Flaw !! Live
 
|-
 
|-
| CVE-2010-5137
+
| [[CVE-2010-5137]]
 
| 2010-07-28
 
| 2010-07-28
 
| wxBitcoin and bitcoind
 
| wxBitcoin and bitcoind
 
| OP_LSHIFT crash
 
| OP_LSHIFT crash
| 0.3.5
 
| [[Incidents#LSHIFT and RETURN bugs|Incident]]
 
 
|bgcolor=lime| 100%
 
|bgcolor=lime| 100%
 
|-
 
|-
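Review bot: The header row drops "Fixed in versions" and "Links", so the 0.3.5 cell and the Incident link disappear from the CVE-2010-5137 row, leaving the new [[CVE-2010-5137]] wikilink as the only pointer. Confirm that the linked page exists and carries both the fixed version and the incident link. The CVE cells of the later rows are not visible in this diff, so check that they were converted to wikilinks as well.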
Line 15: Line 13:
 
| wxBitcoin and bitcoind
 
| wxBitcoin and bitcoind
 
| Unlimited SigOp DoS
 
| Unlimited SigOp DoS
| 0.3.?
 
| [[Incidents#OP CHECKSIG abuse|Incident]]
 
 
|bgcolor=lime| 100%
 
|bgcolor=lime| 100%
 
|-
 
|-
Line 23: Line 19:
 
| wxBitcoin and bitcoind
 
| wxBitcoin and bitcoind
 
| Combined output overflow
 
| Combined output overflow
| 0.3.11
 
| [[Incidents#Value overflow|Incident]] [https://bitcointalk.org/index.php?topic=822.0 Discovery]
 
 
|bgcolor=lime| 100%
 
|bgcolor=lime| 100%
 
|-
 
|-
Line 31: Line 25:
 
| wxBitcoin and bitcoind
 
| wxBitcoin and bitcoind
 
| Sending coins w/o sufficient fees
 
| Sending coins w/o sufficient fees
| 0.3.13
 
| [[Incidents#Micropayment contamination|Incident]] [http://www.bitcoin.org/smf/index.php?topic=1306.0 Initial reports]
 
 
|bgcolor=lime| 100%
 
|bgcolor=lime| 100%
 
|-
 
|-
Line 39: Line 31:
 
| wxBitcoin and bitcoind
 
| wxBitcoin and bitcoind
 
| Wallet (non-)encryption
 
| Wallet (non-)encryption
| 0.4.1, 0.5.0
 
| [https://bitcointalk.org/index.php?topic=51604.0 Announcement] [https://bitcointalk.org/index.php?topic=51474.0 Finding] [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
 
 
|bgcolor=yellow| 88.5%
 
|bgcolor=yellow| 88.5%
 
|-
 
|-
Line 47: Line 37:
 
| Bitcoin protocol
 
| Bitcoin protocol
 
| Transaction overwriting
 
| Transaction overwriting
| BIP 30, 0.4.4, 0.5.0.4, 0.5.3, 0.6.0rc3
 
| [https://bitcointalk.org/index.php?topic=67738.0 Announcement] [https://en.bitcoin.it/wiki/BIP_0030 Fix]
 
 
|bgcolor=pink| 28.9%
 
|bgcolor=pink| 28.9%
 
|-
 
|-
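Review bot: The removed cell in the "Transaction overwriting" row is the only place this table names BIP 30 as the fix, alongside 0.4.4, 0.5.0.4, 0.5.3 and 0.6.0rc3, while the row's Live value is 28.9%. For a flaw listed against the Bitcoin protocol rather than one client, consider keeping the BIP 30 reference in the row, or make sure the per-CVE page states it along with the BIP_0030 link that is also being removed.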
Line 55: Line 43:
 
| Bitcoin-Qt for Windows
 
| Bitcoin-Qt for Windows
 
| MingW non-multithreading
 
| MingW non-multithreading
| 0.5.0.5, 0.5.3.1, 0.5.4, 0.6.0rc4
 
| [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
 
 
|bgcolor=pink| 82.2%
 
|bgcolor=pink| 82.2%
 
|-
 
|-
Line 63: Line 49:
 
| bitcoind and Bitcoin-Qt
 
| bitcoind and Bitcoin-Qt
 
| TBD
 
| TBD
| 0.4.6, 0.5.5, 0.6.0.7, and 0.6.2
 
| [https://bitcointalk.org/index.php?topic=81749.0 Announcement]
 
 
|bgcolor=pink| 17.8%
 
|bgcolor=pink| 17.8%
 
|}
 
|}
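Review bot: In the last row the Flaw cell is still "TBD", so the removed "0.4.6, 0.5.5, 0.6.0.7, and 0.6.2" cell and the Announcement link were the only actionable details in that row, and its Live cell reads 17.8%. Suggest keeping the fixed versions in this row until the flaw is described, or moving them to the per-CVE page in the same edit so the information is not lost.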

Revision as of 22:13, 29 May 2012

{| class="wikitable"
! CVE !! Announced !! Affects !! Flaw !! Live
|-
| CVE-2010-5137 || 2010-07-28 || wxBitcoin and bitcoind || OP_LSHIFT crash || 100%
|-
| CVE-2010-5138 || 2010-07-29 || wxBitcoin and bitcoind || Unlimited SigOp DoS || 100%
|-
| CVE-2010-5139 || 2010-08-15 || wxBitcoin and bitcoind || Combined output overflow || 100%
|-
| CVE-2010-5140 || 2010-09-29 || wxBitcoin and bitcoind || Sending coins w/o sufficient fees || 100%
|-
| CVE-2011-4447 || 2011-11-11 || wxBitcoin and bitcoind || Wallet (non-)encryption || 88.5%
|-
| CVE-2012-1909 || 2012-03-07 || Bitcoin protocol || Transaction overwriting || 28.9%
|-
| CVE-2012-1910 || 2012-03-17 || Bitcoin-Qt for Windows || MingW non-multithreading || 82.2%
|-
| CVE-2012-2459 || 2012-05-14 || bitcoind and Bitcoin-Qt || TBD || 17.8%
|}