CVE-2018-17144

Name
CVE-2018-17144
Description
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md
Patch https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md
Third Party Advisory https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144
Vendor Advisory https://bitcoincore.org/en/2018/09/18/release-0.16.3/
MISC https://github.com/JinBean/CVE-Extension

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:bitcoincore:bitcoin_core:*:*:*:*:*:*:*:* bitcoin_core >= 0.14.0 < 0.14.3
cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:* bitcoin_knots >= 0.14.0 < 0.16.3
cpe:2.3:a:bitcoincore:bitcoin_core:*:*:*:*:*:*:*:* bitcoin_core >= 0.16.0 < 0.16.3
cpe:2.3:a:bitcoincore:bitcoin_core:*:*:*:*:*:*:*:* bitcoin_core >= 0.15.0 < 0.15.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status