CVE-2018-20586

nvd nist

Published: Mar 12, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.

Affected (51)

Products: Bitcoin: Bitcoin Core

Bitcoin

1 product

Bitcoin Core

Configuration A

51 vulnerable

Vulnerable Software	Affected Versions
Bitcoin Bitcoin Core	Version 0.12.0 rc1
Bitcoin Bitcoin Core	Version 0.12.0 rc2
Bitcoin Bitcoin Core	Version 0.12.0 rc3
Bitcoin Bitcoin Core	Version 0.12.0 rc4
Bitcoin Bitcoin Core	Version 0.12.0 rc5
Bitcoin Bitcoin Core	Version 0.12.1
Bitcoin Bitcoin Core	Version 0.12.1 rc1
Bitcoin Bitcoin Core	Version 0.12.1 rc2
Bitcoin Bitcoin Core	Version 0.13.0
Bitcoin Bitcoin Core	Version 0.13.0 rc1
Bitcoin Bitcoin Core	Version 0.13.0 rc2
Bitcoin Bitcoin Core	Version 0.13.0 rc3
Bitcoin Bitcoin Core	Version 0.13.1
Bitcoin Bitcoin Core	Version 0.13.1 rc1
Bitcoin Bitcoin Core	Version 0.13.1 rc2
Bitcoin Bitcoin Core	Version 0.13.1 rc3
Bitcoin Bitcoin Core	Version 0.13.2
Bitcoin Bitcoin Core	Version 0.13.2 rc1
Bitcoin Bitcoin Core	Version 0.13
Bitcoin Bitcoin Core	Version 0.14.0
Bitcoin Bitcoin Core	Version 0.14.0 rc1
Bitcoin Bitcoin Core	Version 0.14.0 rc2
Bitcoin Bitcoin Core	Version 0.14.0 rc3
Bitcoin Bitcoin Core	Version 0.14.1
Bitcoin Bitcoin Core	Version 0.14.1 rc1
Bitcoin Bitcoin Core	Version 0.14.1 rc2
Bitcoin Bitcoin Core	Version 0.14.2
Bitcoin Bitcoin Core	Version 0.14.2 rc1
Bitcoin Bitcoin Core	Version 0.14.2 rc2
Bitcoin Bitcoin Core	Version 0.14.3
Bitcoin Bitcoin Core	Version 0.15.0.1
Bitcoin Bitcoin Core	Version 0.15.0
Bitcoin Bitcoin Core	Version 0.15.0 rc1
Bitcoin Bitcoin Core	Version 0.15.0 rc2
Bitcoin Bitcoin Core	Version 0.15.0 rc3
Bitcoin Bitcoin Core	Version 0.15.1
Bitcoin Bitcoin Core	Version 0.15.1 rc1
Bitcoin Bitcoin Core	Version 0.15.2
Bitcoin Bitcoin Core	Version 0.16.0
Bitcoin Bitcoin Core	Version 0.16.0 rc1
Bitcoin Bitcoin Core	Version 0.16.0 rc2
Bitcoin Bitcoin Core	Version 0.16.0 rc3
Bitcoin Bitcoin Core	Version 0.16.0 rc4
Bitcoin Bitcoin Core	Version 0.16.1
Bitcoin Bitcoin Core	Version 0.16.1 rc1
Bitcoin Bitcoin Core	Version 0.16.1 rc2
Bitcoin Bitcoin Core	Version 0.16.2
Bitcoin Bitcoin Core	Version 0.16.2 rc1
Bitcoin Bitcoin Core	Version 0.16.2 rc2
Bitcoin Bitcoin Core	Version 0.16.3
Bitcoin Bitcoin Core	Version 0.17.0

Related CWEs

CWE-116

Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References (2)

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586

Source: cve@mitre.org

ExploitVendor Advisory

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.