Bitcoin Forum>Other>Beginners & Help
Author

Topic: List Of Bitcoin Vulnerabilities (Read 284 times)

Westingcote
member
Activity: 110
Merit: 131
List Of Bitcoin Vulnerabilities
July 25, 2021, 09:02:33 AM
#12
I am working on a explanation for some of these vulnerabilities but trying to put it into a easy to understand way. I am struggling with some of the explanations which I have opened some topics about if you would like to help with the explanations.

Quote from: TravelMug on May 21, 2020, 09:01:51 PM
No offense to the OP, but do you honestly think that newcomers are interested on those so called vulnerabilities? Most of them are asking about wallets, and wallet securities and when Lambo? when Moon?  Smiley

I don't think they will care much about this subject matter.

There you go, they are all well documented in that link.
I hope so they should be aware of the different vulnerabilities and understand that Bitcoin or the software they use for their Bitcoin is not bulletproof.
Velkro
legendary
Activity: 2296
Merit: 1014
Re: List Of Bitcoin Vulnerabilities
May 22, 2020, 05:31:03 PM
#11
Quote from: Westingcote on May 21, 2020, 07:36:40 AM
Over the years Bitcoin has suffered 44 documented vulnerabilities ranging from severe to harmless but before we take a look at them I
Thats nice summary.
On top of that it shows how much work devs doing, which is invisible to 95% of Bitcoin users i bet or even more.
Most active devs will have their name written in history books, its that important.
TravelMug
hero member
Activity: 2632
Merit: 833
Re: List Of Bitcoin Vulnerabilities
May 21, 2020, 09:01:51 PM
#10
No offense to the OP, but do you honestly think that newcomers are interested on those so called vulnerabilities? Most of them are asking about wallets, and wallet securities and when Lambo? when Moon?  Smiley

I don't think they will care much about this subject matter.

Quote from: Yaunfitda on May 21, 2020, 08:37:21 PM
You don't need to research it, everything is well-written, with links from those CVE's here.

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

There you go, they are all well documented in that link.
hatshepsut93
legendary
Activity: 3024
Merit: 2148
Re: List Of Bitcoin Vulnerabilities
May 21, 2020, 08:54:31 PM
#9
Just because there are vulnerabilities, doesn't mean something is horribly broken. I think it's actually optimistic that Bitcoin has so little vulnerabilities, compared to other systems like server software or OS's that have thousands of vulnerabilities, yet they are still used daily be everyone. Bitcoin's problems like volatility or slow adoption are far bigger concerns than programming mistakes, and those things don't get communicated to newbies much.
Yaunfitda
hero member
Activity: 2870
Merit: 594
Re: List Of Bitcoin Vulnerabilities
May 21, 2020, 08:37:21 PM
#8
You don't need to research it, everything is well-written, with links from those CVE's here.

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
khaled0111
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
Re: List Of Bitcoin Vulnerabilities
May 21, 2020, 06:39:57 PM
#7
There is no such thing as bug-free code and bitcoin is not an exception. Probably, there are more but haven't been discovered yet.

Did anyone manage to steal someone else's coins by successfully exploiting a vulnerability in the bitcoin's protocol! Correct me if am wrong but am not aware of any similar incident.
JeromeTash
legendary
Activity: 2338
Merit: 1261
Heisenberg
Re: List Of Bitcoin Vulnerabilities
May 21, 2020, 01:39:20 PM
#6
Quote from: BrewMaster on May 21, 2020, 12:17:02 PM
the topic title is a bit misleading since these are not list of vulnerabilities, but these are list of historical bugs found in bitcoin clients and are already fixed.
not to mention some may not be categorized as "vulnerability" in my opinion and some don't even concern bitcoin like the lightning network related ones listed here.
How i don't like folks come here with their clickbait  titles yet the content is totally different. They think that when they pop up here to talk about "Bitcoin Vulnerabilities"  People will play attention to them  Sad
BrewMaster
legendary
Activity: 2128
Merit: 1293
There is trouble abrewing
Re: List Of Bitcoin Vulnerabilities
May 21, 2020, 12:17:02 PM
#5
the topic title is a bit misleading since these are not list of vulnerabilities, but these are list of historical bugs found in bitcoin clients and are already fixed.
not to mention some may not be categorized as "vulnerability" in my opinion and some don't even concern bitcoin like the lightning network related ones listed here.
bob123
legendary
Activity: 1624
Merit: 2481
Re: List Of Bitcoin Vulnerabilities
May 21, 2020, 10:11:08 AM
#4
Quote from: Westingcote on May 21, 2020, 07:36:40 AM
Over the years Bitcoin has suffered 44 documented vulnerabilities [...]

All (except one) of those mentioned vulnerabilities are vulnerabilities of a software used, not the bitcoin protocol.

That's like saying:
There are X email vulnerabilities... and then only mentioning vulnerabilities from specific email clients.
or..
There are X internet vulnerabilities.. and then mentioning vulnerabilities from random internet services.

The protocol had vulnerabilities in the early phase, i am not denying that.
But those vulnerabilities you mentioned are completely irrelevant in the context of "bitcoin vulnerabilities". They have nothing to do with the protocol itself, but with bitcoin related software.
hd49728
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
Re: List Of Bitcoin Vulnerabilities
May 21, 2020, 09:45:59 AM
#3
Now, after the halving, after price rose some fold from the bottom in March, it is time to discuss about Bitcoin's vulnerabilities? Is it the right time to do so?  Smiley
Westingcote
member
Activity: 110
Merit: 131
Re: List Of Bitcoin Vulnerabilities
May 21, 2020, 07:37:31 AM
#2
I am researching the vulnerabilities and will be including a explanation of how it happens if anyone can provide explanations in this topic that would be great

hopefully this is useful to anyone researching about Bitcoin
Westingcote
member
Activity: 110
Merit: 131
Re: List Of Bitcoin Vulnerabilities
May 21, 2020, 07:36:40 AM
#1
In this forum everyone talks about the positives of Bitcoin but I thought it would be interesting to have a look at the negatives of Bitcoin and look at the vulnerabilities Bitcoin has suffered through Bitcoin clients and other software like Bitcoin Knots and wxBitcoin. I think it is important for newcomers to cryptocurrency to comprehend the dangers and the history of the vulnerabilities and exposures in order to be aware of the different types of risks that could be conceivable in the future. All of the listed vulnerabilities will already have a solution and I think it's important to think about that too. Throughout history of Bitcoin and the software used for access Bitcoin has experienced 44 documented vulnerabilities ranging from severe to harmless but before we look at them I would like to make it clarify that this is not a anti Bitcoin post and Bitcoin isn't only influenced by the weaknesses below.

I have before talked about negatives of Bitcoin and "timejacking"


CVEAnnouncedAffectsSeverity
______________________________________________________________________________________________________
CVE-2010-51372010-07-28wxBitcoin and bitcoindNetsplit
CVE-2010-51412010-07-28wxBitcoin and bitcoindDoS
CVE-2010-51382010-07-29 wxBitcoin and bitcoindTheft
CVE-2010-51392010-08-15 wxBitcoin and bitcoindDoS
CVE-2010-51402010-09-29wxBitcoin and bitcoindInflation
CVE-2011-44472011-11-11wxBitcoin and bitcoindDoS
CVE-2012-19092012-03-07 Bitcoin protocol and all clients Exposure
CVE-2012-19102012-03-17 bitcoind & Bitcoin-Qt for Windows Netsplit
BIP 00162012-04-01All Bitcoin clientsUnknown
CVE-2012-24592012-05-14 bitcoind and Bitcoin-QtFake Conf
CVE-2012-37892012-06-20 bitcoind and Bitcoin-QtNetsplit
CVE-2012-4682-bitcoind and Bitcoin-QtDoS
CVE-2012-46832012-08-23 bitcoind and Bitcoin-QtDoS
CVE-2012-46842012-08-24bitcoind and Bitcoin-QtDoS
CVE-2013-22722013-01-11 bitcoind and Bitcoin-QtDoS
CVE-2013-22732013-01-30bitcoind and Bitcoin-QtDoS
CVE-2013-22922013-01-30bitcoind and Bitcoin-QtExposure
CVE-2013-22932013-02-14bitcoind and Bitcoin-QtExposure
CVE-2013-32192013-03-11bitcoind and Bitcoin-Qt 0.8.0 DoS
CVE-2013-32202013-03-11bitcoind and Bitcoin-Qt DoS
BIP 00342013-03-25All Bitcoin clients Fake Conf
BIP 00502013-05-15All Bitcoin clients Netsplit
CVE-2013-46272013-06-?? bitcoind and Bitcoin-QtDoS
CVE-2013-41652013-07-20bitcoind and Bitcoin-QtTheft
CVE-2013-57002013-09-04bitcoind and Bitcoin-Qt 0.8.x DoS
CVE-2014-01602014-04-07Anything using OpenSSL for TLS Unknown
CVE-2015-36412014-07-07bitcoind and Bitcoin-Qt prior to 0.10.2 DoS
BIP 66 2015-02-13 All Bitcoin clientsFake Conf
BIP 65 2015-11-12All Bitcoin clientsFake Conf
BIPs 68, 112 & 113 2016-04-11 All Bitcoin clientsFake Conf
BIPs 141, 143 & 147  2016-10-27All Bitcoin clientsFake Conf
CVE-2016-8889 2016-10-27Bitcoin Knots GUI 0.11.0 - 0.13.0Exposure
CVE-2017-9230  -Bitcoin?
BIP 148  2017-03-12All Bitcoin clientsFake Conf
CVE-2017-12842 2018-06-09--
CVE-2016-10724 2018-07-02bitcoind and Bitcoin-Qt prior to 0.13.0 DoS
CVE-2016-10725 2018-07-02bitcoind and Bitcoin-Qt prior to 0.13.0 DoS
CVE-2018-17144 2018-09-17 bitcoind and Bitcoin-Qt prior to 0.16.3 Inflation
CVE-2018-205872019-02-08Bitcoin Knots prior to 0.17.1 & all Bitcoin Core releases Theft
CVE-2017-18350 2019-06-22bitcoind and Bitcoin-Qt prior to 0.17.1 Unknown
CVE-2018-20586 2019-06-22bitcoind and Bitcoin-Qt prior to 0.17.1 Deception
CVE-2019-12998 2019-08-30c-lightning prior to 0.7.1 Theft
CVE-2019-129992019-08-30lnd prior to 0.7Theft
CVE-2019-1300 2019-08-30eclair prior to 0.3Theft
44 Vunerabilities
______________________________________________________________________________________________________
Source

Table FAQ

1. What does CVE mean?
CVE is abbreviated as Common Vulnerabilities & Exposures which is a method for referencing security vulnerabilities and exposures by including the date of discovery and a ID number to identify what vulnerability or exposure that is being referenced.

2. What does "Announced" mean?
Announced means the date that the CVE was addressed formerly because of the way security works in software it would be a bad idea to make a vulnerability public at the time of discovery because it might have severe consequences to the software and its users and could cause a lot of damage. In the security world it is normal for a person to report a bug privately so that the developers can patch the vulnerability and then come out with an announcement that a bug was present and has now been patched.

3. What do the different terms mean under severity?

DoS
Denial of service which is an attack to prevent a service from being accessed as normal.

NetSplit
An attacker can create a new network which is independent from the Bitcoin network and can allow double spending.

Theft
Attacker would be able to take coins without being confined to the normal Bitcoin network rules.

Fake Conf
An attacker can make double spend transactions.

Exposure
User data can be stolen by an attacker.

Inflation
Attacker can create Bitcoins and insert them into the network which would allow the attacker to create more coins than the 21 million hard limit imposed by the normal network rules.

CVE-2010-5137

This vulnerability allowed remote attackers to cause a denial of service attack (DoS) by crashing the Bitcoin daemon service via a transaction containing an OP_LSHIFT script opcode. This affected all versions of bitcoind
wxBitcoin up to 0.3.4. The vulnerability was fixed in version 0.3.5 and all remaining unused script words were disabled as a precaution.

CVE-2010-5141
This vulnerability allowed a remote attacker to spend coins on the network that they did not own by using unspecified vectors. This vulnerability was tested on the test network of Bitcoin and did not occur on the main chain. The bug affected bitcoind wxBitcoin  up to 0.3.4 and was fixed in version 0.3.5.



CVE-2010-5138

A block was discovered to have a lot of OP_CHECKSIG commands attached to transactions which caused extra strain on the network because the Bitcoin nodes had to do extra work to verify each command. The issue was fixed in version 0.3.x which prevented attaching multiple OP_CHECKSIG commands being attached to transactions and from then on only allowed one to be attached.

CVE-2010-5139

This vulnerability was to be known as the "value overflow incident" which is the infamous event where an attacker created 184,467,440,737.09551616 Bitcoins on the main network. Within 5 hours of discovering that this had happened a new client was released to fix the issue by rejecting transactions with value overflow and to correct the coins being injected into the main chain the main Bitcoin chain had to be forked.
Bitcoin Forum>Other>Beginners & Help
Jump to: