CVE-2023-37192: https://www.youtube.com/watch?v=oEl4M1oZim0 Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing. No references to an upstream report, so this smells off to me.
1. The very first sentence of the overview mentions Windows, and the "attack" demo code uses Windows APIs. 2. This is stupid, as it amounts to "Anyone with privileges to open a handle to the Bitcoin process and manipulate process memory can overwrite bitcoin addresses in the Bitcoin process's memory." Pretty much a "no shit, Sherlock."
(I meant to offense the reporter. It's also possible that I am missing some crucial detail in the "exploit," as I only briefly glanced over it, having been predisposed to dismiss it by the "this smells off to me.")
No objection from me.
Doh! I actually meant to say, "I meant no offense to the reporter." Yikes. Sorry about that. Thank you, John.
Hah, I understood what you meant :)