CVE-2023-37192

Published: Jul 7, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing.

Affected (1)

Products: Bitcoin: Bitcoin Core

Bitcoin

1 product

Bitcoin Core

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bitcoin Bitcoin Core	Version 22.0

Related CWEs

CWE-311

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (6)

https://bitcoin.org/en/bitcoin-core/

Source: cve@mitre.org

Product

https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.youtube.com/watch?v=oEl4M1oZim0

Source: cve@mitre.org

ExploitThird Party Advisory

https://bitcoin.org/en/bitcoin-core/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.youtube.com/watch?v=oEl4M1oZim0

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.