CVE-2011-4447

EUVD-2011-4376
The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
bitcoinbitcoin_core
0.4.0
bitcoinbitcoin_core
0.4.1:rc6
bitcoinbitcoin_core
0.5.0:rc
bitcoinwxbitcoin
0.4.0
bitcoinwxbitcoin
0.4.1:rc6
bitcoinwxbitcoin
0.5.0:rc
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bitcoin
hardy
dne
lucid
dne
natty
dne
oneiric
not-affected
precise
not-affected
Common Weakness Enumeration
References
http://bitcoin.org/releases/2011/11/21/v0.5.0.html
https://bitcointalk.org/index.php?topic=51474.0
https://bitcointalk.org/index.php?topic=51604.0
https://en.bitcoin.it/wiki/CVEs
http://bitcoin.org/releases/2011/11/21/v0.5.0.html
https://bitcointalk.org/index.php?topic=51474.0
https://bitcointalk.org/index.php?topic=51604.0
https://en.bitcoin.it/wiki/CVEs