
Bitcoin Core developers have fixed the vulnerability in versions 0.18 and below

A Bitcoin Core developer has disclosed a vulnerability in earlier versions of the software client. The bug was fixed in the release of Bitcoin Core 0.19.

One of the Bitcoin Core developers, Andrew Chow, published details of a vulnerability that affected earlier versions of the client. The fixed issue is known to other Bitcoin developers, usually affects web browsers and did not cause any crashes.

In a tweet, Chow noted that the vulnerability was present in Bitcoin Core versions 0.18 and below, but was fixed in the 0.19 release. Bitcoin Core 0.21.0 was released last month. The developer also said that the attack was unlikely to harm the client’s users.

“Given the security tools available in modern browsers and Linux desktop environments, I don’t think this vulnerability can actually be exploited,” he said. “However, otherwise it could lead to RCE (i.e., the execution of malicious code on the victim’s computer).”

The potential for an attack was based on three technical aspects: the Uniform Resource Identifier (URI), the free Qt5 GUI framework, and the way the computer handles these two objects.

Chow said that since URI injection is a known problem, the developers know how to avoid it. However, the problem lay with Qt5, the GUI framework, which did not recognize erroneous URIs and could let unwanted arguments through.

In theory, such a vulnerability allows malicious code to send false data or instructions to a computer and install a malicious plugin, which can cause the user’s system to crash or lead to data theft.

Most browsers already have built-in security mechanisms to avoid such attacks and flag any unwanted arguments. This means that despite the vulnerability, it would be difficult to exploit it. In Chow’s opinion, this was almost impossible.
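The kind of check that stops a payment link from being read as command-line options can be sketched as follows. This is an added example, not code from Bitcoin Core or from Chow's disclosure; the function name, the result codes and the sample arguments are assumptions constructed for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Result codes are names chosen for this example.
enum class UriCheck { Ok, NotSingleArgument, OptionLike, WrongScheme, UnsafeCharacter };

// True when `s` begins with the lowercase `prefix` (ASCII case-insensitive).
static bool starts_with_icase(const std::string& s, const std::string& prefix) {
    if (s.size() < prefix.size()) return false;
    for (size_t i = 0; i < prefix.size(); ++i)
        if (std::tolower(static_cast<unsigned char>(s[i])) != prefix[i]) return false;
    return true;
}

// Checks the arguments (program name excluded) that a desktop URI handler
// passed in, before any of them can reach the GUI toolkit's option parser.
UriCheck check_handler_args(const std::vector<std::string>& args) {
    // A payment link must arrive as exactly one argument; extra arguments
    // mean the URI was split somewhere between the browser and the client.
    if (args.size() != 1) return UriCheck::NotSingleArgument;
    const std::string& uri = args[0];
    // Anything starting with '-' would be parsed as an option, not a URI.
    if (!uri.empty() && uri[0] == '-') return UriCheck::OptionLike;
    if (!starts_with_icase(uri, "bitcoin:")) return UriCheck::WrongScheme;
    // Whitespace, quotes and control bytes must be percent-encoded in a URI;
    // seeing them raw suggests an attempt to break out of the argument.
    for (unsigned char c : uri)
        if (c <= 0x20 || c == 0x7f || c == '"' || c == '\'' || c == '\\')
            return UriCheck::UnsafeCharacter;
    return UriCheck::Ok;
}

int main() {
    // Constructed sample inputs; the address and option name are placeholders.
    const std::vector<std::vector<std::string>> samples = {
        {"bitcoin:EXAMPLEADDRESS?amount=0.1"},
        {"bitcoin:EXAMPLEADDRESS", "--example-option=value"},
        {"--example-option=value"},
        {"bitcoin:EXAMPLEADDRESS?label=a b"},
    };
    for (const auto& args : samples)
        std::cout << static_cast<int>(check_handler_args(args)) << '\n';
    return 0;
}
```

A handler that rejects everything except `UriCheck::Ok` never hands a stray option to the toolkit, independently of whatever filtering the browser applies.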

Recall that in September last year, developers disclosed information about a vulnerability discovered two years ago in Bitcoin Core, which allowed attackers to steal BTC, slow down transactions or split the network into conflicting versions.
