mirror of
https://github.com/seigler/dash-docs
synced 2025-07-27 09:46:12 +00:00
2718222c9b
implement multilanguage new improved clients list page update history and statistics in the "about" page add "Some things you need to know" page add "Support Bitcoin" page add a contextual presentation for each category of users (individuals, organizations, developers and enthusiasts) add a short and concise "how it works" page add a "vocabulary" page for Bitcoin technical words definitions give more visibility for the foundation new website design and layout
66 lines
2.2 KiB
HTML
66 lines
2.2 KiB
HTML
---
|
|
layout: base-en
|
|
---
|
|
<div class="container">
|
|
<section id="dos">
|
|
<h1>CVE-2012-2459: Critical Vulnerability (denial-of-service)</h1>
|
|
<h2>Risks</h2>
|
|
<p>
|
|
A denial-of-service vulnerability that affects all versions of
|
|
bitcoind and Bitcoin-Qt has been reported and fixed. An attacker
|
|
could isolate a victim's node and cause the creation of blockchain
|
|
forks.
|
|
</p>
|
|
<h2>Solutions</h2>
|
|
<p>
|
|
Because this bug could be exploited to severely disrupt the Bitcoin
|
|
network we consider this a critical vulnerability, and encourage
|
|
everybody to upgrade to <a href="https://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.6.2/">the latest version: 0.6.2</a>.
|
|
</p>
|
|
<p>
|
|
<a href="https://bitcointalk.org/?topic=79651">Backports for older releases (0.5.5 and 0.4.6) are also available</a> if
|
|
you cannot upgrade to version 0.6.2.
|
|
</p>
|
|
<h2>Technical Details</h2>
|
|
<p>
|
|
Full technical details are being withheld to give people the
|
|
opportunity to upgrade.
|
|
</p>
|
|
<p>
|
|
Thanks to <a href="http://forre.st/">Forrest Voight</a> for discovering and reporting the vulnerability.
|
|
</p>
|
|
<h2>Questions & Answers</h2>
|
|
<h3>
|
|
How would I know if I am the victim of this attack?
|
|
</h3>
|
|
<p>
|
|
Your bitcoin process would stop processing blocks and would have a
|
|
different block count from the rest of the network (you can see the
|
|
current block count at websites like <a href="http://blockexplorer.com/">blockexplorer.com</a> or
|
|
<a href="http://blockchain.info/">blockchain.info</a>). Eventually it would display the message:
|
|
</p>
|
|
<blockquote>WARNING: Displayed transactions may not be correct! You may need to
|
|
upgrade, or other nodes may need to upgrade.</blockquote>
|
|
<p>
|
|
(note that this message is displayed whenever your bitcoin process
|
|
detects that the rest of the network seems to have a different
|
|
block count, which can happen for several reasons unrelated to
|
|
this vulnerability).
|
|
</p>
|
|
<h3>
|
|
Could this bug be used to steal my wallet?
|
|
</h3>
|
|
<p>
|
|
No.
|
|
</p>
|
|
<h3>
|
|
Could this bug be used to install malware on my system?
|
|
</h3>
|
|
<p>
|
|
No.
|
|
</p>
|
|
<div style="text-align:right">
|
|
<i>This notice last updated: Mon May 14 17:00:00 UTC 2012</i>
|
|
</div>
|
|
</section>
|
|
</div>
|