CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
bitcoinbitcoin_core
0.14.0 ≤
𝑥
< 0.14.3
bitcoinbitcoin_core
0.15.0 ≤
𝑥
< 0.15.2
bitcoinbitcoin_core
0.16.0 ≤
𝑥
< 0.16.3
bitcoinknotsbitcoin_knots
0.14.0 ≤
𝑥
< 0.16.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dogecoin
sid
1.14.8-1
fixed
litecoin
bullseye
0.18.1-1.1
fixed
bookworm
0.21.2.1-1
fixed
sid
0.21.3-1
fixed
References
https://bitcoincore.org/en/2018/09/18/release-0.16.3/
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144
https://github.com/JinBean/CVE-Extension
https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md
https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md
https://bitcoincore.org/en/2018/09/18/release-0.16.3/
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144
https://github.com/JinBean/CVE-Extension
https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md
https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md