Author: Simon Liu 2015-12-02 07:33:27
Published on: 2015-12-02T07:33:27+00:00
Simon Liu and Peter are discussing an email which was moderated by Pavel JanÃk. Simon is curious about the statement made by another person regarding the undesirability of using a compression library for Bitcoin Improvement Proposal (BIP) which Peter has proposed. Pavel suggests that Simon should search for any vulnerabilities in the selected compression library. He cites several examples of existing CVEs in zlib that can allow an attacker to cause denial of service or application crashes remotely. Simon is concerned about these attacks and wonders if it's worse than other attack vectors that could lead to similar outcomes. Peter suggests isolating the decompression phase by saving incoming compressed blocks to a quarantine folder, and having an external process/daemon to decompress and verify the block's hash.
Updated on: 2023-06-11T01:31:34.119930+00:00