Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
Disclosure of the details of an integer overflow bug which causes an assertion
crash, a fix for which was released on September 14th, 2021 in Bitcoin Core
version v22.0.
This issue is considered High severity.
Details
CAddrMan
has a 32-bit nIdCount
field that is incremented on every insertion
into addrman, and which then becomes the identifier for the new entry. By
getting the victim to insert 232 entries (through e.g. spamming addr
messages), this identifier overflows, which leads to an assertion crash.
Attribution
Credit goes to Eugene Siegel for discovering and disclosing the vulnerability,
and to Pieter Wuille for fixing the issue in
https://github.com/bitcoin/bitcoin/pull/22387.
Timeline
- 2021-06-21 - Initial report sent to security@bitcoincore.org by Eugene Siegel
- 2021-07-19 - Fix is merged (https://github.com/bitcoin/bitcoin/pull/22387)
- 2021-09-13 - v22.0 is released
- 2024-07-31 - Public disclosure
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.