joshua/dash-docs
1
0
Fork 0
mirror of https://github.com/seigler/dash-docs synced 2025-07-27 01:36:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
dash-docs/_alerts/2012-05-14-dos.html
Saivann ec44853934 Add "Network status and alerts" page and RSS feed (fixes #170) 
Generate alerts pages through alerts.rb plugin
Allow to keep short alias urls for each alert
Move alert pages in _alerts
Update sitemap plugin to include alerts
2013-06-18 23:50:37 -04:00

61 lines
2 KiB
HTML
Raw Blame History

---
title: "CVE-2012-2459: Critical Vulnerability (denial-of-service)"
lastmod: "Mon May 14 17:00:00 UTC 2012"
alias: "dos"
active: false
---
<h2>Risks</h2>
<p>
A denial-of-service vulnerability that affects all versions of
bitcoind and Bitcoin-Qt has been reported and fixed. An attacker
could isolate a victim's node and cause the creation of blockchain
forks.
</p>
<h2>Solutions</h2>
<p>
Because this bug could be exploited to severely disrupt the Bitcoin
network we consider this a critical vulnerability, and encourage
everybody to upgrade to <a href="https://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.6.2/">the latest version: 0.6.2</a>.
</p>
<p>
<a href="https://bitcointalk.org/?topic=79651">Backports for older releases (0.5.5 and 0.4.6) are also available</a> if
you cannot upgrade to version 0.6.2.
</p>
<h2>Technical Details</h2>
<p>
Full technical details are being withheld to give people the
opportunity to upgrade.
</p>
<p>
Thanks to <a href="http://forre.st/">Forrest Voight</a> for discovering and reporting the vulnerability.
</p>
<h2>Questions &amp; Answers</h2>
<h3>
How would I know if I am the victim of this attack?
</h3>
<p>
Your bitcoin process would stop processing blocks and would have a
different block count from the rest of the network (you can see the
current block count at websites like <a href="http://blockexplorer.com/">blockexplorer.com</a> or
<a href="http://blockchain.info/">blockchain.info</a>). Eventually it would display the message:
</p>
<blockquote>WARNING: Displayed transactions may not be correct! You may need to
upgrade, or other nodes may need to upgrade.</blockquote>
<p>
(note that this message is displayed whenever your bitcoin process
detects that the rest of the network seems to have a different
block count, which can happen for several reasons unrelated to
this vulnerability).
</p>
<h3>
Could this bug be used to steal my wallet?
</h3>
<p>
No.
</p>
<h3>
Could this bug be used to install malware on my system?
</h3>
<p>
No.
</p>
Reference in a new issue View git blame Copy permalink