CVE-2023-50428 Information
Dec 14, 2023
cve
Description
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115 datacarrier size limits can be bypassed by obfuscating data as code (e.g. with OP_FALSE OP_IF) as exploited in the wild by Inscriptions in 2022 and 2023.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Reference
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures https://twitter.com/LukeDashjr/status/1732204937466032285 https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799 https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md https://github.com/bitcoin/bitcoin/tags
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
LOW
Base Severity
5.3
Share on: