-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Auto-Update: 2024-11-18T05:00:20.129397+00:00
- Loading branch information
1 parent
72b928f
commit 8a70944
Showing
17 changed files
with
462 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| { | ||
| "id": "CVE-2015-20111", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-18T04:15:03.987", | ||
| "lastModified": "2024-11-18T04:15:03.987", | ||
| "vulnStatus": "Received", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, remote code execution was possible in conjunction with CVE-2015-6031 exploitation." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://bitcoincore.org/en/2024/07/03/disclose_upnp_rce/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://github.com/miniupnp/miniupnp/commit/4c90b87ce3d2517097880279e8c3daa7731100e6", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://github.com/miniupnp/miniupnp/pull/157", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| { | ||
| "id": "CVE-2019-25220", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-18T04:15:04.107", | ||
| "lastModified": "2024-11-18T04:15:04.107", | ||
| "vulnStatus": "Received", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a \"Chain Width Expansion\" attack) because a node does not first verify that a presented chain has enough work before committing to store it." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://bitcoincore.org/en/2024/09/18/disclose-headers-oom", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-October/017354.html", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| { | ||
| "id": "CVE-2024-38828", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-18T04:15:04.233", | ||
| "lastModified": "2024-11-18T04:15:04.233", | ||
| "vulnStatus": "Received", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Spring MVC controller methods with an @RequestBody byte[]\u00a0method parameter are vulnerable to a DoS attack." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "NONE", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "NONE", | ||
| "integrityImpact": "NONE", | ||
| "availabilityImpact": "LOW", | ||
| "baseScore": 5.3, | ||
| "baseSeverity": "MEDIUM" | ||
| }, | ||
| "exploitabilityScore": 3.9, | ||
| "impactScore": 1.4 | ||
| } | ||
| ] | ||
| }, | ||
| "references": [ | ||
| { | ||
| "url": "https://spring.io/security/cve-2024-38828", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| { | ||
| "id": "CVE-2024-52912", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-18T04:15:04.443", | ||
| "lastModified": "2024-11-18T04:15:04.443", | ||
| "vulnStatus": "Received", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| { | ||
| "id": "CVE-2024-52913", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-18T04:15:04.500", | ||
| "lastModified": "2024-11-18T04:15:04.500", | ||
| "vulnStatus": "Received", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://bitcoincore.org/en/2024/07/03/disclose_already_asked_for/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| { | ||
| "id": "CVE-2024-52914", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-18T04:15:04.567", | ||
| "lastModified": "2024-11-18T04:15:04.567", | ||
| "vulnStatus": "Received", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| { | ||
| "id": "CVE-2024-52915", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-18T04:15:04.633", | ||
| "lastModified": "2024-11-18T04:15:04.633", | ||
| "vulnStatus": "Received", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://bitcoincore.org/en/2024/07/03/disclose-inv-buffer-blowup/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| { | ||
| "id": "CVE-2024-52916", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-18T04:15:04.697", | ||
| "lastModified": "2024-11-18T04:15:04.697", | ||
| "vulnStatus": "Received", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://bitcoincore.org/en/2024/07/03/disclose-header-spam/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| { | ||
| "id": "CVE-2024-52917", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-18T04:15:04.760", | ||
| "lastModified": "2024-11-18T04:15:04.760", | ||
| "vulnStatus": "Received", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://bitcoincore.org/en/2024/07/31/disclose-upnp-oom/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| { | ||
| "id": "CVE-2024-52918", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-18T04:15:04.823", | ||
| "lastModified": "2024-11-18T04:15:04.823", | ||
| "vulnStatus": "Received", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://bitcoincore.org/en/2024/07/03/disclose-bip70-crash/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| { | ||
| "id": "CVE-2024-52919", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-18T04:15:04.890", | ||
| "lastModified": "2024-11-18T04:15:04.890", | ||
| "vulnStatus": "Received", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| { | ||
| "id": "CVE-2024-52920", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-18T04:15:04.960", | ||
| "lastModified": "2024-11-18T04:15:04.960", | ||
| "vulnStatus": "Received", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://bitcoincore.org/en/2024/07/03/disclose-getdata-cpu/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| { | ||
| "id": "CVE-2024-52921", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-18T04:15:05.023", | ||
| "lastModified": "2024-11-18T04:15:05.023", | ||
| "vulnStatus": "Received", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://bitcoincore.org/en/2024/10/08/disclose-mutated-blocks-hindering-propagation/", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
Oops, something went wrong.