Serious Buffer Overflow Vulnerability In The Bitcoin Core Client Disclosed

From LinuxReviews

A serious vulnerability which allowed malicious SOCKS proxies to overwrite the program stack in old versions of the Bitcoin Core client was disclosed on the Bitcoin Core mailing list earlier this month. It was fixed years ago and it is only remotely interesting as an indicator of how the Bitcoin Core team works.

published 2019-11-20, last edited 2019-11-20

The Timeline

The cryptocurrency Bitcoin (BTC) is currently taking a look at the local support area around $7800-$8000. There's a rather large gap down to $4000 below the bulls' last line of defense. The upside has resistance at $9000 and $12200. The next Bitcoin block halving (half as much new supply mined) is in May 2020.

"CVE-2017-18350 is a buffer overflow vulnerability which allows a malicious SOCKS proxy server to overwrite the program stack on systems with a signed char type (including common 32-bit and 64-bit x86 PCs)."

Bitcoin Core Security Announcement
November 2019

In short: A Bitcoin Core client configured to use a specially configured evil SOCKS proxy could get 0wned through this vulnerability. The code which introduced this flaw was merged into the git master repository in May 2012.

  • The first major release with this code was v0.7.0 - released in September 2012.
  • A hacker named "practicalswift" discovered this minor problem and reported it to the Bitcoin Security team on September 21st, 2017. It was easily fixed and a patch was added to the git master repository later that month.
  • Two months went by and Bitcoin Core version v0.15.1 was released - with the fix - on November 9th, 2017.
  • Two years went by and then the Bitcoin Core team finally decided to disclose how anyone in control of a SOCKS proxy used by a Bitcoin Core client prior to version 0.15.1 could overwrite the client's program stack.

It must be noted that even though it's kind of a serious vulnerability it is also a corner-case. You had to explicitly configure Bitcoin Core to use a SOCKS proxy to get exploited. Those who do that will typically point it at a local client for the Tor anonymity network.
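Why the "signed char type" in the announcement matters, shown as an added example that is not Bitcoin Core's code (the page does not show the affected code). It assumes the value involved is a one-octet length prefix sent by the proxy, as used for domain-name addresses in SOCKS5 replies (RFC 1928); the function names and sample replies are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SOCKS5_ATYP_DOMAIN 0x03  /* RFC 1928: address = 1 length octet + name */

/* Flawed pattern (hypothetical helper): the proxy-supplied length octet is
 * held in a signed char. Returns the size a following read would request. */
size_t len_via_signed_char(unsigned char wire_octet) {
    signed char c = (signed char)wire_octet; /* plain char is signed on x86 */
    int n = c;                               /* 0x80..0xff become -128..-1  */
    return (size_t)n;                        /* negative wraps to a huge size */
}

/* Hardened pattern (hypothetical helper): read the octet as unsigned and
 * check it against both the received data and the destination buffer. */
int parse_bound_domain(const unsigned char *reply, size_t reply_len,
                       char *out, size_t out_cap) {
    if (reply_len < 5 || reply[0] != 0x05 /* SOCKS version 5 */ ||
        reply[3] != SOCKS5_ATYP_DOMAIN)
        return -1;
    size_t n = reply[4];                     /* always 0..255 */
    if (reply_len < 5 + n + 2)               /* name plus 2 port octets */
        return -1;
    if (n + 1 > out_cap)                     /* room for the terminator */
        return -1;
    memcpy(out, reply + 5, n);
    out[n] = '\0';
    return (int)n;
}

int main(void) {
    /* Constructed sample replies, not captured traffic. */
    const unsigned char ok[]  = {0x05, 0x00, 0x00, 0x03, 0x03,
                                 'a', 'b', 'c', 0x20, 0x8d};
    const unsigned char bad[] = {0x05, 0x00, 0x00, 0x03, 0xff,
                                 'a', 0x20, 0x8d};
    char name[256];
    printf("octet 0x7f -> read size %zu\n", len_via_signed_char(0x7f));
    printf("octet 0xff -> read size %zu\n", len_via_signed_char(0xff));
    printf("well-formed reply: %d\n",
           parse_bound_domain(ok, sizeof ok, name, sizeof name));
    printf("oversized length:  %d\n",
           parse_bound_domain(bad, sizeof bad, name, sizeof name));
    return 0;
}
```

Any octet of 0x80 or above turns into a read size far larger than a 256-byte stack buffer in the flawed helper, while the hardened parser rejects a length the reply cannot back up.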

Ssshh Keep Secret

The most interesting part of this disclosure is how it took two years from the time a version fixing the vulnerability was released to the time it was publicly admitted and announced. That should make anyone holding larger amounts in a Bitcoin Core Wallet think twice about using older versions. Such a long period of total silence from the time a vulnerability is fixed to the time it's disclosed is very rare. Not a single example of a similar disclosure policy comes to mind.

Bitcoin Core 0.18.1, released in August 2019, is the last stable release. There's also a third 0.19.0 release-candidate for those who want to try the upcoming version.

The Bitcoin Core wallet software does not come with any Bitcoins (BTC). Bitcoins are currently trading at $8100 per coin with support at $8000 and a huge gap down to the $4000 level. Bitcoin exchanges like Bitmex and Bitfinex can be used to take short positions which will profit if the Bitcoin price crashes (there is no risk-free lunch, those positions will suffer if the $8000 level holds and the price starts rallying). This is not financial advice and I am not a financial advisor; I literally shuffle horse-manure for $3.63 an hour and write articles at LinuxReviews as a hobby. Yes, that's actually true.
