CVE-2017-18350 disclosure
Summary:

The Bitcoin Core community has disclosed a buffer overflow vulnerability, CVE-2017-18350, which allows a malicious SOCKS proxy server to overwrite the program stack on systems with a signed char type. The vulnerability was introduced on 2012 Aug 27 in Bitcoin Core v0.7.0rc1 and fixed in v0.15.1 on 2017 Nov 6 by changing the dummy buffer to an explicitly unsigned data type. To be vulnerable, a node must be configured to use such a malicious proxy; using any proxy over an insecure network like the Internet is potentially dangerous, since the connection could be intercepted for this purpose. Practicalswift discovered the vulnerability and provided the initial fix, and Wladimir J. van der Laan provided a disguised version of the fix as well as general cleanup of the at-risk code. The timeline of the vulnerability from 2012 to its disclosure in 2019 is given in the email thread from Luke Dashjr on bitcoin-dev.
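As an added illustration, not Bitcoin Core's own code, the C below shows the bug class the summary describes: a length byte read through a signed char beside the explicitly unsigned form, plus a bounds-checked copy of the kind a parser should do regardless of the byte's type. The helper names and the sample replies are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical helpers illustrating the bug class, not Bitcoin Core's code.
 * A SOCKS5-style reply carries a one-byte length followed by a domain name,
 * and the client copies that many bytes from the socket into a fixed buffer. */
/* Vulnerable pattern: the length byte is read through a signed char.
 * Plain `char` is signed on many platforms (x86 Linux among them); `signed
 * char` is used here so the result is the same everywhere. A byte >= 0x80
 * sign-extends to a negative int, and once that negative value is passed to
 * a size_t parameter (recv, memcpy) it becomes a huge count that overruns
 * the destination buffer. */
int length_from_signed_char(const signed char *wire) {
    return wire[0];               /* 0xFF -> -1 */
}

/* Hardened pattern (the shape of the v0.15.1 fix): read the byte through an
 * explicitly unsigned type, so the length is always in 0..255. */
int length_from_unsigned_byte(const uint8_t *wire) {
    return wire[0];               /* 0xFF -> 255 */
}

/* Copy the domain name out of `wire` into `out` (capacity `cap`), refusing
 * any length that does not fit in the input or the output.
 * Returns the number of name bytes copied, or -1 on a bad length. */
int read_domain_name(const uint8_t *wire, size_t wire_len,
                     char *out, size_t cap) {
    if (wire_len < 1 || cap < 2) return -1;
    size_t n = (size_t)length_from_unsigned_byte(wire);  /* never negative */
    if (n == 0 || n > cap - 1 || n > wire_len - 1) return -1;
    memcpy(out, wire + 1, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample replies (not captured traffic). */
static const uint8_t good_reply[] =
    { 0x0B, 'e','x','a','m','p','l','e','.','c','o','m' };  /* len 11 */
static const uint8_t bad_reply[]  = { 0xFF, 'x' };           /* len 255 */
int main(void) {
    char name[64];
    printf("signed:   %d\n", length_from_signed_char((const signed char *)bad_reply));
    printf("unsigned: %d\n", length_from_unsigned_byte(bad_reply));
    printf("good: %d\n", read_domain_name(good_reply, sizeof good_reply, name, sizeof name));
    printf("bad:  %d\n", read_domain_name(bad_reply, sizeof bad_reply, name, sizeof name));
    return 0;
}
```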
Updated on: 2023-06-13T22:13:00.960584+00:00