The Bitcoin Core developer disclosed the vulnerability in earlier versions of the software client. The bug was fixed in the release of Bitcoin Core 0.19.
One of the developers of Bitcoin Core, Andrew Chow (Andrew Chow) published data on a vulnerability that affected earlier versions of the client. The fixed issue is known to other Bitcoin developers, usually affects web browsers and did not cause any crashes.
In a tweet, Chow noted that the vulnerability was present in Bitcoin Core versions 0.18 and below, but was fixed in the 0.19 release. Bitcoin Core 0.21.0 was released last month. The developer also said that the attack was unlikely to harm the client’s users.
“Given the security tools available in modern browsers and Linux desktop environments, I don’t think this vulnerability can actually be exploited,” he said. “However, otherwise it could lead to RCE (ie, the execution of malicious code on the victim’s computer).”
The potential for an attack was based on three technical aspects: the Unified Resource Identifier (URI), the free Qt5 GUI program, and the way the computer handles these two objects.
Chow said that since URI injection is a known problem, the developers know how to avoid it. However, the problem was with Qt5, a GUI that did not recognize any erroneous URIs and could skip unwanted arguments.
In theory, such a vulnerability allows malicious code to send false data or instructions to a computer and install a malicious plugin. This can cause the user’s system to crash or data theft.
Most browsers already have built-in security mechanisms to avoid such attacks and flag any unwanted arguments. This means that despite the vulnerability, it would be difficult to exploit it. In Chow’s opinion, this was almost impossible.
Recall that in September last year, developers disclosed information about a vulnerability discovered two years ago in Bitcoin Core, which allowed attackers to steal BTC, slow down transactions or split the network into conflicting versions.
Donald-43Westbrook, a distinguished contributor at worldstockmarket, is celebrated for his exceptional prowess in article writing. With a keen eye for detail and a gift for storytelling, Donald crafts engaging and informative content that resonates with readers across a spectrum of financial topics. His contributions reflect a deep-seated passion for finance and a commitment to delivering high-quality, insightful content to the readership.