CVE-2013-2272
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
12/03/2013
Last modified:
18/03/2020
Description
The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:bitcoin:bitcoin-qt:*:rc4:*:*:*:*:*:* | 0.4.8 (including) | |
| cpe:2.3:a:bitcoin:bitcoin-qt:0.4:rc4:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin-qt:0.5.1:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin-qt:0.5.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin-qt:0.5.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin-qt:0.6.0.10:rc4:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin-qt:0.6.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin-qt:0.7.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin-qt:0.7.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin-qt:0.7.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page