CVE-2019-15947 Information

Description

In Bitcoin Core 0.18.0 bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash it may dump a core file. If a user were to mishandle a core file an attacker can reconstruct the user’s wallet.dat file including their private keys via a grep \6231 0500\ command.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_ExposuresCVE-2019-15947 https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b https://github.com/bitcoin/bitcoin/issues/16824 https://security.gentoo.org/glsa/202009-18

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5