CVE-2016-10725

Published: Jul 5, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.

Affected (3)

Products: Bitcoin: Bitcoin Core, Bitcoin Qt, Bitcoind

3 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bitcoin Bitcoin Core	Before 0.13.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Bitcoin Bitcoin Qt	Before 0.13.0
Bitcoin Bitcoind	Before 0.13.0

Related CWEs

References (8)

https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure

Source: cve@mitre.org

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

Source: cve@mitre.org

Vendor Advisory

https://github.com/JinBean/CVE-Extension

Source: cve@mitre.org

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html

Source: cve@mitre.org

Third Party Advisory

https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure

Source: af854a3a-2127-422b-91ae-364da2661108

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/JinBean/CVE-Extension

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.