CVE-2011-4447

The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
bitcoinbitcoin_core
0.4.0
bitcoinbitcoin_core
0.4.1:rc6
bitcoinbitcoin_core
0.5.0:rc
bitcoinwxbitcoin
0.4.0
bitcoinwxbitcoin
0.4.1:rc6
bitcoinwxbitcoin
0.5.0:rc
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bitcoin
precise
not-affected
oneiric
not-affected
natty
dne
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://bitcoin.org/releases/2011/11/21/v0.5.0.html
https://bitcointalk.org/index.php?topic=51474.0
https://bitcointalk.org/index.php?topic=51604.0
https://en.bitcoin.it/wiki/CVEs
http://bitcoin.org/releases/2011/11/21/v0.5.0.html
https://bitcointalk.org/index.php?topic=51474.0
https://bitcointalk.org/index.php?topic=51604.0
https://en.bitcoin.it/wiki/CVEs