CVE-2018-20587

Published: Feb 11, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.

Affected (2)

Products: Bitcoin: Bitcoin Core · Bitcoinknots: Bitcoin Knots

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Bitcoin Bitcoin Core	From 0.12.0 to 0.17.1
Bitcoinknots Bitcoin Knots	From 0.12.0 to 0.17.0

References (4)

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587

Source: cve@mitre.org

Third Party Advisory

https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b

Source: cve@mitre.org

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.