CVE-2016-10725 Information
Feb 14, 2021
Description
In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
https://github.com/JinBean/CVE-Extension
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
7.5
Base Severity
HIGH