CVE-2021-37491

EUVD-2021-24056
An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction() function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
dogecoindogecoin
𝑥
≤ 1.14.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dogecoin
sid
vulnerable
References
http://dogecoin.com
https://github.com/VPRLab/BlkVulnReport/blob/main/NDSS23_BlockScope.pdf
https://github.com/bitcoin/bitcoin/commit/2fb9c1e6681370478e24a19172ed6d78d95d50d3
https://github.com/dogecoin/dogecoin/blob/master/src/wallet/wallet.cpp#L2628-L2640
https://github.com/dogecoin/dogecoin/issues/2279
http://dogecoin.com
https://github.com/VPRLab/BlkVulnReport/blob/main/NDSS23_BlockScope.pdf
https://github.com/bitcoin/bitcoin/commit/2fb9c1e6681370478e24a19172ed6d78d95d50d3
https://github.com/dogecoin/dogecoin/blob/master/src/wallet/wallet.cpp#L2628-L2640
https://github.com/dogecoin/dogecoin/issues/2279