Serious Buffer Overflow Vulnerability In The Bitcoin Core Client Disclosed
A serious vulnerability that allowed malicious SOCKS proxies to overwrite the program stack in old versions of the Bitcoin Core client was disclosed on the Bitcoin Core mailing list earlier this month. It was fixed years ago and is now only remotely interesting as an indicator of how the Bitcoin Core team works.
published 2019-11-20 - last edited 2019-11-20
The cryptocurrency Bitcoin (BTC) is currently taking a look at the local support area around $7800-$8000. There's a rather large gap down to $4000 below the bulls' last line of defense. The upside has resistance at $9000 and $12200. The next Bitcoin block halving (half as much new supply mined) is in May 2020.
"CVE-2017-18350 is a buffer overflow vulnerability which allows a malicious SOCKS proxy server to overwrite the program stack on systems with a signed char type (including common 32-bit and 64-bit x86 PCs)."
In short: a Bitcoin Core client configured to use a specially configured evil SOCKS proxy could get 0wned through this vulnerability. The code that introduced the flaw was merged into the git master repository in May 2012.
- The first major release with this code was v0.7.0 - released in September 2012.
- A hacker named "practicalswift" discovered this minor problem and reported it to the Bitcoin Security team on September 21st, 2017. It was easily fixed and a patch was added to the git master repository later that month.
- Two months went by and Bitcoin Core version v0.15.1 was released - with the fix - on November 9th, 2017.
- Two years went by and then the Bitcoin Core team finally decided to disclose how anyone in control of a SOCKS proxy used by a Bitcoin Core client prior to version 0.15.1.
It must be noted that even though it's kind of a serious vulnerability, it is also a corner case. You had to explicitly configure Bitcoin Core to use a SOCKS proxy to get exploited. Those who do that will typically point it at a local client for the Tor anonymity network.
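As an added illustration of the class of bug the quoted advisory describes (this is not code from Bitcoin Core, from the disclosure, or from the patch; the reply bytes, function names and buffer sizes are constructed for this example), the C program below shows what happens when a length byte from an untrusted SOCKS5 reply is read through a signed `char`, and places it beside a parser that reads the byte as `uint8_t` and bounds every access by the number of bytes actually received.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/*
 * Constructed SOCKS5 CONNECT reply (RFC 1928 layout):
 *   VER=0x05 REP=0x00 RSV=0x00 ATYP=0x03 (domain name) LEN NAME... PORT(2)
 * Both samples below are made up for this example.
 */
static const uint8_t REPLY_OK[] = {
    0x05, 0x00, 0x00, 0x03, 0x09,
    'n', 'o', 'd', 'e', '.', 't', 'e', 's', 't',
    0x01, 0xBB                        /* port 443 */
};

/* A reply whose LEN byte has the high bit set (0xC8 = 200) but which is
 * followed by far fewer bytes than it claims. */
static const uint8_t REPLY_BAD[] = {
    0x05, 0x00, 0x00, 0x03, 0xC8,
    'x', 'x', 'x', 'x',
    0x00, 0x50
};

#define SOCKS5_LEN_OFFSET 4

/* Naive length handling: the LEN byte lands in a plain `char`, which the
 * x86 ABIs named in the advisory treat as signed. `signed char` is spelled
 * out here so the demonstration behaves the same on every platform.
 * Any value >= 0x80 comes out negative. */
int naive_domain_len(const uint8_t *reply) {
    const signed char *p = (const signed char *)reply;
    int n = p[SOCKS5_LEN_OFFSET];
    return n;                         /* 0xC8 -> -56 */
}

/* Handing that int to a recv()-style size_t parameter converts the negative
 * value into an enormous byte count, so the read is no longer bounded by the
 * fixed-size buffer the caller allocated. Only computed here, never performed. */
size_t naive_requested_bytes(const uint8_t *reply) {
    return (size_t)naive_domain_len(reply);
}

/* Hardened parser: LEN is read as uint8_t (0..255, never negative) and every
 * access is checked against buflen. Returns 0 on success, -1 on any error. */
int parse_socks5_domain_reply(const uint8_t *buf, size_t buflen,
                              char *name, size_t namecap, uint16_t *port) {
    if (buflen < 5) return -1;
    if (buf[0] != 0x05 || buf[1] != 0x00 || buf[3] != 0x03) return -1;
    uint8_t len = buf[SOCKS5_LEN_OFFSET];
    if (len == 0 || (size_t)len + 1 > namecap) return -1;   /* fits in name[] */
    if (buflen < 5 + (size_t)len + 2) return -1;            /* name + port present? */
    memcpy(name, buf + 5, len);
    name[len] = '\0';
    *port = (uint16_t)((buf[5 + len] << 8) | buf[6 + len]);
    return 0;
}

/* Convenience checks so the results can be inspected without re-parsing. */
int hardened_accepts_ok(void) {
    char name[256]; uint16_t port;
    if (parse_socks5_domain_reply(REPLY_OK, sizeof REPLY_OK, name, sizeof name, &port) != 0)
        return 0;
    return strcmp(name, "node.test") == 0 && port == 443;
}

int hardened_rejects_bad(void) {
    char name[256]; uint16_t port;
    return parse_socks5_domain_reply(REPLY_BAD, sizeof REPLY_BAD, name, sizeof name, &port) == -1;
}

int main(void) {
    printf("naive LEN for REPLY_BAD: %d (would request %zu bytes)\n",
           naive_domain_len(REPLY_BAD), naive_requested_bytes(REPLY_BAD));
    printf("hardened accepts REPLY_OK: %d\n", hardened_accepts_ok());
    printf("hardened rejects REPLY_BAD: %d\n", hardened_rejects_bad());
    return 0;
}
```

The point the contrast makes is that the dangerous step is not the copy itself but the type of the variable the untrusted length is read into: once the byte is an unsigned quantity and the available byte count is checked before every access, a proxy that lies about the length simply gets its reply rejected.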
Ssshh Keep Secret
The most interesting part of this disclosure is how it took two years from the time a version fixing the vulnerability was released to the time it was publicly admitted and announced. That should make anyone holding larger amounts in a Bitcoin Core wallet think twice about using older versions. Such a long period of total silence from the time a vulnerability is fixed to the time it's disclosed is very rare. Not a single example of a similar disclosure policy comes to mind.
The Bitcoin Core wallet software does not come with any Bitcoins (BTC). Bitcoins are currently trading at $8100 per coin with support at $8000 and a huge gap down to the $4000 level. Bitcoin exchanges like Bitmex and Bitfinex can be used to take short positions which will profit if the Bitcoin price crashes (there is no risk-free lunch; those positions will suffer if the $8000 level holds and the price starts rallying). This is not financial advice and I am not a financial advisor; I literally shuffle horse manure for $3.63 an hour and write articles at LinuxReviews as a hobby. Yes, that's actually true.